Autonomous command and control unit for mobile platform

ABSTRACT

In a vehicle designed for the execution of a mission, a programmable decision unit capable of managing and controlling the execution of the mission by utilizing a plurality of subsystems and a database capable of holding and managing data including pre-stored data and data acquired by and received from the plurality of subsystems. The programmable decision unit includes a mission plan (MP) for accomplishing the execution of the mission. Managing and controlling the execution of the mission includes a succession of iterations, each of which includes assignment of a mission segment associated with a current mission state to one or more of the subsystems. Each iteration further includes receipt from the subsystems of report data, which include data indicative of the execution status of the mission segment by the corresponding subsystem, and evaluation of the report data for determining either normal behavior or an exceptional event. The programmable decision unit is capable of managing and controlling the execution of the mission in an autonomous fashion whereby the vehicle becomes an autonomous vehicle.

FIELD OF THE INVENTION

This invention is in the field of command and control of Unmanned Vehicles (UV), in air, space, ground, underground, sea, and underwater applications.

BACKGROUND OF THE INVENTION

The rationale for the ever increasing need for autonomous capability of UVs stems from the need to provide efficient means to operate vehicles and to accomplish missions in remote locations, for long, or even very long duration, and very often, in areas without safe accessibility to a human operator. A human operator was found to be ineffective, and even unreliable or unresponsive in such missions. Furthermore, to operate a vehicle from a remote location, in a semi-autonomous man-in-the-loop mode, i.e. a mode of operation involving man intervention, a bi-directional data link between the remote, man controlled command and control center, and the on-site unmanned vehicle, must be established. Moreover, achieving high fidelity video transmission over the data link for long distance, where sometimes, the data link has to be a secure link, involves high cost and cumbersome logistic effort, which, in some cases, may render the use of such system commercially and/or operationally prohibitive.

High autonomy operation is also a key rationale when the mission has to be executed by a fleet of UVs which are operating in coordination and cooperation. Manual command and control of a fleet of UVs by a human operator is extremely complex, if not impossible.

It is accordingly the object of the present invention to substantially reduce or overcome the drawbacks associated with hitherto known semi-autonomous systems.

More specifically the present invention seeks to enhance the autonomous capability of UV, by incorporating thereto an onboard programmable decision unit, operating in an essentially autonomous fashion, thereby enabling the UV to achieve better performance in accomplishing its mission under dynamic, changing and unknown environment and at the same time increasing the likelihood of mission success, while simplifying the pertinent operational procedures. "Autonomous" in the context of the invention means execution of a mission under self control without any intervention of an external supervisor, operator or incooperative agent, while operating in a dynamic, unpredictable friendly, neutral or hostile environment. For further details refer to reference 12 below.

Insofar as military applications are concerned, it is another object of the invention to incorporate a decision unit, in the manner specified, thereby not only increasing the likelihood of mission success along with simplifying the pertinent operational procedures, but also reducing the required supporting logistics, whilst, at the same time, extending the range of operation parameters and operational envelope over enemy territory.

GLOSSARY OF TERMS

For a better understanding there follows a glossary of terms and definitions used herein (in alphabetical order), some being conventional and others having been coined.

ALP Auxiliary Logic Plan

AM Autonomous Missile

AMC Autonomous Mission Controller

AMO Air Mission Order

ASM Auxiliary Systems Manager

ATE Automatic Test Equipment

AV Autonomous Vehicle

BIT Built-In Test

CISC Complete Instruction Set Computer

CLP Communication Logic Plan

CM Communication Manager

DCM Data Communication Module

DR Dead Reckoning

DSP Digital Signal Processing

DTU Data Transfer Unit

FLP Flight Logic Plan

FM Flight Manager

FPM Functional Processing Module

FPSM Functional Processing Sub-Module

GMDB Global Memory and Data Base

GN&C Guidance, Navigation, and Control

GPS Global Positioning System

Graph: denoting a general data structure consisting of nodes (states) and arcs interlinking them, as referred to for example in the book "Graph Algorithms", by S. Even. In the context of the invention, the graph is not limited to any particular architecture (e.g. binary tree) and accordingly this term encompasses all known per se architectures, depending upon the particular application. Typical yet not exclusive examples of graph architectures are described in U.S. Pat. No. 5,340,056 Guelman et al.

IMU Inertial Measuring Unit

INS Inertial Navigation System

IR Infra Red

LOS Line Of Sight

Man-in-a-loop mode of operation (referred to also as semi-autonomous mode of operation):

a mode of operation in which management and control of a mission partially involves man intervention and is partly based on a programmable autonomous decision unit.

MM Mission Manager

MM-MP Mission Manager Mission Plan

MM-MS Mission Manager Mission State

MP Mission Plan

MPS Mission Planning System

NLP Navigation Logic Plan

NM Navigation Manager

OMEGA Radio Navigation System

PM Payload Manager

RDT Response Decision Tree

RF Radio Frequency

RISC Reduced Instruction Set Computer

RPM Revolutions Per Minute

SLP Sensor Logic Plan

SM System Manager

SM-TS System Manager Task State

SNM Sensor Manager

SOP System Operation Plan

SYLP System Logic Plan

TP Trajectory Plan

TRN Terrain Reference Navigation

UAV Unmanned Air Vehicle

UGV Unmanned Ground Vehicle

UUV Unmanned Underwater Vehicle

UV Unmanned Vehicle

WP Way Point

WTA Weapon to Target Assignment

LIST OF REFERENCES

There follows a list of publications to which reference is made throughout the description.

1. Yavnai A., (1992). "Context Recognition and Situation Assessment in Autonomous Mobile Robots", Proceedings SPIE Vol. 1831 Mobile Robots VII, Boston, November 1992, pp. 119-130.

2. Yavnai A., (1993). "Arbitration Network - A New Approach for Combining Reflexive Behaviors and Reasoning-Driven Behaviors in Intelligent Autonomous Systems", Ch. 43 in Proceedings of International Conference on Intelligent Autonomous Systems, IAS-3, Pittsburgh, Feb. 15-18, 1993, pp. 428-438.

3. Yavnai A., (1993). "Context Recognition and Situation Assessment in Intelligent Autonomous Systems", in Proceedings of IEEE 1993 International Symposium on Intelligent Control, August 1993, Chicago, pp. 394-399.

4. Yavnai A., (1994). "Distributed Decentralized Architecture for Autonomous Cooperative Operation of Multiple Agent System", in Proceedings AUVS-94, 21st Annual Technical Symposium Association for Unmanned Vehicle Systems, May 23-25, 1994, Detroit, pp. 95-101.

5. Bertsekas D. P., (1987). "Dynamic Programming - Deterministic and Stochastic Models", Prentice-Hall, N.J., USA, 1987.

6. Barr A., Feigenbaum E. A., (1981). "The Handbook of Artificial Intelligence", William Kaufmann Inc., USA, 1981.

7. Bellman R., (1961). "Adaptive Control Processes - A Guided Tour", Princeton University Press, N.J., USA, 1961.

8. Rabiner L. R., Gold B., (1975). "Theory and Application of Digital Signal Processing", Prentice-Hall, N.J., USA, 1975.

9. Barkat M., (1991). "Signal Detection and Estimation", Artech House, MA, USA, 1991.

10. S. Even, "Graph Algorithms".

11. U.S. Pat. No. 5,340,056, Guelman et al., for "Active defence system against tactical ballistic missiles".

12. Yavnai A., (1989). "Criteria of System Autonomability", Proceedings International Conference on Intelligent Autonomous Systems 2, Amsterdam, December 1989, pp. 448-458.

GENERAL DESCRIPTION OF THE INVENTION

It should be noted that, for convenience of explanation, the following description is primarily focused on military applications. Nevertheless, any military connotation is by way of example only.

In accordance with the present invention, there is provided a decision unit, for autonomous, real time, onboard, management and control of vehicles and their associated sub-systems. The decision unit can be applied to a variety of unmanned vehicles, for air, space, sea, underwater, ground, or underground applications. "Management and control", in this connection, should be construed in a broad sense as encompassing also commanding, decision making, information processing, scheduling and others, all as required and appropriate, depending upon the particular application. Vehicle, in the context of the present invention, encompasses any mobile platform including, for example, a missile.

The decision unit, hereinafter referred to, occasionally, as Autonomous Mission Controller (AMC), provides the unmanned vehicle, and its sub-systems, with management and control functions which are needed in order to accomplish the assigned mission goals, essentially, without intervention of a human operator, or any other external element throughout the entire mission sequence. If desired, an external element can be engaged, in a supervisory role, or in very specific, time limited situation.

The AMC of the invention provides the unmanned vehicle with extended capability to operate autonomously, whereby the vehicle becomes an autonomous vehicle (AV). The decision unit of the invention further provides for the following onboard, real time, self-contained capabilities of the AMC, taken alone or in combination:

Capability for replanning, adjusting, or updating the Mission Plan (MP), or the System Operation Plan (SOP) (for explaining the function and operation of the SOP, see below) of the vehicle subsystems at any time, throughout the execution of the mission.

Capability for in-flight (after launch or take-off) or, on-the-move, complete planning of MP and/or SOP.

Extended capability for event-driven decision, on the response to exceptional and unanticipated events, including handling the situation of multiple simultaneous unanticipated events, where a decision on the combined response must be taken.

Extended capability for fault management, error recovery, and reconfiguration of vehicle functions or systems.

Still further, the AMC of the invention provides for:

Capability for coordinating the operation of the UV with other UVs, when operating in cooperative operation mode, as a member of a UV fleet, or a mixed fleet of UVs and manned vehicles.

Extended capability for optimal resource management.

The above-mentioned capabilities distinguish the system of the present invention from any other regular hitherto known mission computers, mission controllers, or any other means, which have been used for management, command and control of UVs, and which inherently lack the capability of fully autonomous operation in dynamic, changing, and unpredictable environment.

There is thus provided in accordance with the invention, in a vehicle designed for the execution of a mission, a programmable decision unit capable of managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means capable of holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, which programmable decision unit comprises a mission plan (MP), for accomplishing the execution of said mission, associated to said database; said MP comprising:

(a) a plurality of phases each being a mission phase representing a mission segment to be executed by at least one of the subsystems and including mission phases that are defined as "initial phase", "terminal phase", and

(b) a plurality of transition conditions for transiting between said mission phases;

the operation of managing and controlling the execution of the mission includes a succession of iterations that include each:

(i) assignment of a mission segment associated with a current mission phase to at least some of said subsystems;

(ii) receipt from the subsystems of report data which include data indicative of the execution status of said mission segment by said at least one subsystem;

(iii) evaluation of said report data for determining either of normal behavior and exceptional event; and

(iii.1) in response to normal behavior, either staying in current mission phase of the MP or transiting from the current mission phase of the MP to another in the case that said report data, or portion thereof, satisfy said transition conditions; or

(iii.2) in response to exceptional event eliciting a responsive action in order to accomplish the execution of said mission;

said programmable decision unit is capable of managing and controlling the execution of said mission in essentially autonomous fashion whereby said vehicle becomes an autonomous vehicle (AV).

The invention further provides in a vehicle designed for the execution of a mission, a programmable decision unit capable of managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means capable of holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, which programmable decision unit comprises a mission plan (MP) for accomplishing the execution of said mission which MP may be described as a graph that utilizes said database; said graph comprising:

(a) a plurality of states each being a mission state representing a mission segment to be executed by at least one of the subsystems and including mission states that are defined as "mission start", "mission complete" and "mission failed"; and

(b) a plurality of arcs linking said states and each signifying transition conditions between two mission states which it links;

the operation of managing and controlling the execution of the mission includes a succession of iterations that include each:

(i) assignment of a mission segment associated with a current mission state to at least one of said subsystems;

(ii) receipt from the subsystems of report data which include data indicative of the execution status of said mission segment by said at least one subsystem;

(iii) evaluation of said report data for determining either of normal behavior and exceptional event; and

(iii.1) in response to normal behavior, either staying in current mission state of the MP or transiting from the current mission state of the MP to another in the case that said report data, or portion thereof, satisfy said transition conditions; or

(iii.2) in response to exceptional event eliciting a responsive action in order to accomplish the execution of said mission;

said programmable decision unit is capable of managing and controlling the execution of said mission in essentially autonomous fashion whereby said vehicle becomes an autonomous vehicle (AV).

The term "essentially autonomous" signifies a mode of operation in which management and control of a mission is predominantly based on a programmable autonomous decision unit, with only little or no intervention of man, external computing or any other external means.

It should be further noted that in the context of the invention, Vehicle/Air Vehicle are, as a rule, unmanned, and accordingly the terms Unmanned Vehicle and Vehicle are essentially interchangeable, and the same applies to the terms "Autonomous Vehicle" (AV) and "Unmanned Autonomous Vehicle".

The mission segment that is assigned to said at least one subsystem is, as a rule, divided into at least one task assigned, respectively, to a like number of said at least one subsystem. Whenever necessary, there may be two or more "mission complete" and/or "mission failed" states in said graph arrangement.

The management and control include, as a rule, in addition to said MP, other procedures which may or may not be described as a graph and which will be discussed in greater detail below, e.g. decision unit and subsystems initialization and BIT procedures, as well as auxiliary procedures affording to follow the mission plan, such as various information processing procedures and monitoring events procedures.

It should be noted that whilst there may be more than one pre-stored available MP, only one of them is active at any given time. It should be also noted that whilst, normally, a given mission is assigned to a UAV, the mission or portion thereof may be dynamically altered during the operation of the AV, all as required and appropriate depending upon the particular application. Nevertheless, only one mission is active at any given time. When stating that the decision unit utilizes a plurality of subsystems, it should be interpreted as encompassing also utilizing different subsystem(s) at given stages of the unit's operation.

Preferably, said decision unit is capable of classifying said exceptional event as belonging to a first group, constituting a replanning group, or a second group, constituting a non-replanning group, and in response to a first group classification, said decision unit is capable of activating an associated planner module, for short time, while-on-mission, modifications of said mission plan either partially or in its entirety.

Normally, said report data may further include operational status (or health data) that is received, on a regular basis, from the various subsystems (being typically those assigned to execute the mission segment in (i) above, but possibly also from the other subsystems not participating in the execution of the current mission segment). Other report data may be added as required and appropriate.

The report data is received from the subsystems by employing either or both of known per se interrupt driven and/or polling techniques. Generally speaking, the interrupt driven technique necessarily entails that the acquisition of the event by a given subsystem is immediately "reported" (unless intentionally masked), whereas the polling technique necessarily entails that upon acquisition of an event by a given subsystem the necessary pertinent data are temporarily stored in a buffer, until the latter is polled by the decision unit at predetermined time intervals.

As specified, the report data may include data being indicative of exceptional events that were acquired by some or all of the subsystems, for generating an appropriate responsive action. "Acquired", in this connection, encompasses also detection, recognition and other forms of acquisition. Preferably, the responsive action results, eventually, in one of the following actions:

a) no change at all, keep executing said MP, no change of mission state;

b) make a minor modification in the MP, or a parameter thereof with no change of mission state, then update the database and execute the modified MP;

c) transit the mission state to a new mission state of the MP, not according to a regular transition sequence; then execute the MP, while being at the new mission state;

d) select a new MP out of a bank of pre-stored MP according to a selection criteria; then update the database, and execute the new selected MP;

e) select and combine pre-stored MPs, or pre-stored MP segments thereof, into a new combined MP; then, update the database and execute the combined MP;

f) re-plan an alternative MP or segments thereof by utilizing said planner module; then update the database and execute the replanned MP;

g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the MP; and

h) select a crisis recovery MP, out of a bank of pre-stored crisis recovery MPs according to selection criteria; then update the database and execute the selected crisis recovery MP.

The latter range of possible responsive actions may vary depending upon the particular application; and if desired other responsive actions may be added as required and appropriate.
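The iteration over the MP graph described above, with the replanning / non-replanning classification and responsive actions (a), (c) and (f), as an added Python example that is not taken from the patent. The class names, event names, sample mission and `detour_planner` are hypothetical; the plan is validated before execution and again after replanning so that no arc can lead to an undefined state.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
TERMINAL = ("mission complete", "mission failed")

@dataclass
class Report:
    subsystem: str
    data: dict                     # execution status of the assigned mission segment
    event: Optional[str] = None    # exceptional event acquired by the subsystem

@dataclass
class Arc:
    target: str
    condition: Callable[[dict], bool]   # transition condition over report data

@dataclass
class MissionPlan:
    segments: Dict[str, List[str]]      # mission state -> subsystems given its segment
    arcs: Dict[str, List[Arc]]          # mission state -> outgoing arcs

    def validate(self) -> None:
        # Refuse to execute a plan whose graph is incomplete or points outside itself.
        for name in ("mission start",) + TERMINAL:
            if name not in self.segments:
                raise ValueError(f"MP lacks required state {name!r}")
        for src, arcs in self.arcs.items():
            for arc in arcs:
                if src not in self.segments or arc.target not in self.segments:
                    raise ValueError(f"arc {src!r} -> {arc.target!r} leaves the graph")

class DecisionUnit:
    def __init__(self, plan, replanning_group, planner, out_of_sequence):
        plan.validate()
        self.plan, self.state = plan, "mission start"
        self.replanning_group = replanning_group  # first group: handled by the planner
        self.planner = planner                    # hypothetical planner module
        self.out_of_sequence = out_of_sequence    # second group: event -> mission state
        self.trace = [self.state]

    def step(self, reports: List[Report]) -> str:
        # Steps (ii)-(iii): receive report data, evaluate, then stay, transit or respond.
        if self.state in TERMINAL:
            return self.state
        events = [r.event for r in reports if r.event]
        if events:
            self._respond(events)                            # (iii.2)
        else:
            merged = {k: v for r in reports for k, v in r.data.items()}
            for arc in self.plan.arcs.get(self.state, []):   # (iii.1)
                if arc.condition(merged):
                    self.state = arc.target
                    break
        self.trace.append(self.state)
        return self.state

    def _respond(self, events: List[str]) -> None:
        replan = [e for e in events if e in self.replanning_group]
        if replan:  # action (f): replan, validate the result, execute the replanned MP
            new_plan, resume = self.planner(self.plan, self.state, replan)
            new_plan.validate()
            if resume not in new_plan.segments:
                raise ValueError("planner resumed in an undefined state")
            self.plan, self.state = new_plan, resume
            return
        # action (c): transit outside the regular sequence; otherwise action (a), no change
        for e in events:
            target = self.out_of_sequence.get(e)
            if target in self.plan.segments:
                self.state = target
                return

def build_plan() -> MissionPlan:  # constructed sample mission, not from the patent
    return MissionPlan(
        segments={"mission start": ["navigation"], "transit": ["navigation", "flight"],
                  "survey": ["sensor", "flight"], "return": ["navigation", "flight"],
                  "mission complete": [], "mission failed": []},
        arcs={"mission start": [Arc("transit", lambda d: d.get("bit_ok", False))],
              "transit": [Arc("survey", lambda d: d.get("at_site", False))],
              "survey": [Arc("return", lambda d: d.get("coverage", 0) >= 1.0)],
              "return": [Arc("mission complete", lambda d: d.get("landed", False))]})

def detour_planner(plan, state, events):  # hypothetical planner: inserts a detour state
    segments = dict(plan.segments, detour=["navigation", "flight"])
    arcs = dict(plan.arcs, detour=[Arc("survey", lambda d: d.get("at_site", False))])
    return MissionPlan(segments, arcs), "detour"

def run_demo() -> List[str]:
    unit = DecisionUnit(build_plan(), {"route blocked"}, detour_planner,
                        {"sensor fault": "return"})
    for report in (Report("navigation", {"bit_ok": True}),
                   Report("navigation", {"at_site": False}),
                   Report("navigation", {}, event="route blocked"),
                   Report("navigation", {"at_site": True}),
                   Report("sensor", {"coverage": 0.4}, event="sensor fault"),
                   Report("flight", {"landed": True})):
        unit.step([report])
    return unit.trace

if __name__ == "__main__":
    print(" -> ".join(run_demo()))
```
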

If desired, said MP may be downloaded, in its entirety, to said database prior to departure to said mission, or alternatively a portion of said MP can be downloaded prior to departure to the mission whereas the remaining portion thereof is planned by said planner module while-on-mission.

Optionally, said decision unit is responsive to at least two essentially simultaneous ones of said events, for generating a combined response. Said combined response is dependent upon at least one of the following factors: the degree of the abnormal event, the system state, the mission context, the sub-systems status, risk to mission accomplishment and the priority of responses, which is decided upon, according to the possible effect of the event on the operation of the decision.

If desired, the management and control functions of the AV, and the AMC of the kind specified, are functionally organized, in a multi-level hierarchy, and preferably, in a three-level hierarchical architecture, in which:

a) Level 1 (top or root) is a global organization and management level;

b) Level 2 (intermediate) is the supervision and coordination level functionally broken down by subsystems; and

c) Level 3 (bottom or leaf) is the execution and control level for each particular subsystem.

The responsibility of Level 1 is mainly on the mission level, and on the AV system level issues. Level 1 determines the tasks to be performed by the AV and its sub-systems. It provides the answer to the question "What tasks should be done in order to meet the mission objectives?". Specifically, it determines the tasks to be executed by selected subsystems and provides, generally, the associated parameters and constraints, which, as will be explained below, are processed into detailed design by the system managers (SM) of level 2. The latter are responsible, each, for a given subordinated subsystem and will assign the detailed task thereto.

Accordingly, the responsibility of level 2 is mainly on the AV subsystems operation and performance issues. Level 2 processes the tasks to be performed into detailed operation plans for the respective subsystems and provides for each one of them an answer to the question "How should the tasks be achieved?" It should be noted that "processing" may require, at times, actual detailed planning of the task, or a portion thereof, utilizing to this end an internal "planner" module (whose particulars will be explained in greater detail below), or, alternatively, retrieving a "pre-stored" nominal detailed plan which has been downloaded to the database associated with level 2, prior to departure to the mission or while-on-mission. Regardless of the processing mode of level 2, it has to coordinate and schedule the operation of the subsystem subordinated thereto.

If desired, the detailed planning aspects associated with level 2 may be shifted to level 1, in which case the detailed design is transmitted from level 1 to level 2. The latter still has to coordinate and schedule the execution of the task by its subordinate subsystem.

The responsibility of level 3 is mainly on the execution, the control and the data processing functions which are related to the operation of the respective subsystems. Subsystems hardware forms part of level 3.

Each level of the AMC hierarchy is composed of Functional Processing Modules (FPM), which perform the logical and the computational functions, by using computer means. Level 1, the top level of the AMC, includes, preferably, one FPM only, the Mission Manager (MM) FPM (in short MM). FPMs in level 1 and level 2 (i.e., System Manager (SM) FPM or SM in short), perform, mainly, the managing, planning, monitoring, coordination, and the supervising logical and computational functions for the respective subordinated subsystem.

FPMs in level 3 perform, mainly, information processing, GN&C functions, as well as hardware operation, monitoring control functions, again for the respective subsystems. FPMs in level 3 are directly linked to the hardware subsystems. Hardware subsystems, e.g., mobility subsystems, navigation sub-system, sensor, engine, actuators, payload, are part of level 3 of the functional hierarchy. Allocation of computational functions between levels 2 and 3 may depend on the self-contained processing capability of the respective subsystems, e.g., the navigation system may have self-contained processing capability, to perform all the required navigation computations independently, i.e. it inherently encompasses level 2 and level 3. It should be noted that a given subsystem may include more than one assembly, thus, for example, a flight subsystem may include, inter alia, fins, engine and rudder assemblies.

It should be further noted that the hierarchy of levels 1, 2 and 3 described in the foregoing is confined merely to functional definition and it does not necessarily dictate the manner in which the pertinent hardware and processors will be physically realized. Thus, for example, the MM of level 1, albeit being globally responsible for level 1 missions may, under certain circumstances, utilize a network of interlinked distributed processors.

Accordingly, there is further provided in accordance with the invention, an autonomous vehicle designated for the execution of a mission and having an autonomous programmable decision unit capable of managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means capable of holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, said autonomous programmable decision unit being functionally organized in a three-level hierarchy architecture of a top level, an intermediate level and a leaf level;

said top level having a mission manager (MM) comprising a mission manager mission plan (MM MP) for accomplishing the execution of said mission which mission plan may be described as a mission plan (MP) graph that utilizes said database; said MP graph consisting of a plurality of states each being a mission manager's mission state (MM MS) and including MM MS that are defined as "mission start", "mission complete" and "mission failed"; and a plurality of arcs linking said states each signifying transition conditions between two MM MSs which it links;

said intermediate level comprising a plurality of system managers (SM) subordinated to said MM, and comprising each a system manager's operational plan (SOP) which may be described as an SOP graph that utilizes said database;

said leaf level comprising a plurality of subsystems each subordinated to one only of said SMs;

each MM MS representing a MM mission segment, to be assigned to at least one of the SMs, in terms of at least one essentially functionally defined task and its associated constraints and parameters; the SOP of each SM determining an SOP mission segment for assignment to and execution by the subsystem subordinated thereto in terms of detailed design of said essentially functionally defined task;

the operation of managing and controlling the execution of the mission including a succession of iterations that include each:

(i) assignment of an MM mission segment associated with a current MM MS via said at least one SM to said at least one subsystem;

(ii) receipt by each one of said at least one SM from its subordinated subsystem of intermediate level report data which include data indicative of the execution status of said SOP mission segment by said subsystem;

(iii) receipt by said MM from the SMs of top level report data which include data indicative of the execution status of said MM mission segment by said at least one subsystem;

(iv) evaluation of said top level report data for determining either of normal behavior and an exceptional event; and

(iv.1) in response to normal behavior either staying in current MM MS or transiting from the current MM MS to another in the case that said top level report data, or portion thereof, satisfy said transition conditions; or

(iv.2) in response to an exceptional event eliciting a responsive action from the MM in order to accomplish the execution of said mission.

If desired, step (iv) above may be applied, mutatis mutandis, also to each SOP, and accordingly by one embodiment there is provided a decision unit of the kind specified, wherein at least one of said SOP graphs consists of a plurality of states each being an SM task state (SM TS) and including SM TS that are defined as "task start", "task complete" and "task failed"; and a plurality of arcs linking said states and each signifying transition conditions between two SM TS which it links, and wherein said SM is further capable of:

(ii.1) evaluation of said intermediate level report data for determining either of normal behavior and an exceptional event; and

(ii.11) in response to normal behavior either staying in current SM TS or transiting from the current SM TS to a next one in the case that said intermediate level report data, or portion thereof, satisfy said transition conditions; or

(ii.12) in response to an exceptional event eliciting a responsive action from the SM.

The management and control include, as a rule, in addition to said MM MPand SOPs, actions which may or may not be describes as a graph and whichwill be described in greater detail below, e.g. decision unit andsubsystems initialization and BIT procedures, as well as auxiliaryprocedures affording to follow the mission plan such as variousinformation processing procedures and monitoring events procedures.

It should be noted that whilst there may be more than one available MMMP and more than one available SOP for each SM, only one MM MP and oneSOP for each SM are active at any given time. Put differently, themanagement and control functions are governed by only one active MM MP(for the MM) and one SOP (for each operating SM), at any given moment.Whenever necessary, there may be two or more "mission complete and/ormission fail states in either or both of said MP and SOP grapharrangements.

As a rule, the communication between the top, intermediate and leaflevels (and vice versa), exploits known per se data link, and by theintermediary of said database means.

Typically, prior to mission execution, the MM FPM in level 1, reads theAV Mission Plan--MP, and the associated Data Base--DB, which wasprepared in the MPS, and thereafter downloaded to the AV computermemory, via DTU. If desired the AV may be sent to accomplish a missionon the basis of only coarse guidelines, whereas the remaining portion ofthe planning process, typically the major portion thereof, is completedon-board, as the AV advances towards the mission site, by the AMC of thepertinent AV itself utilizing, to this end, internal Planning FunctionalProcessing Sub-Modules (FPSM) referred to also as "planner module") anddata from the DB. Shifting the Planning Process, partially or entirelyto the AV in the manner specified can shorten, significantly, theelapsed time from mission alert, to the arrival of the AV, at thegeographical mission site, constituting thus a significant advantagewhen short time response is required.

Normally, after the MP and DB are downloaded, to the AMC computermemory, a BIT procedure is initiated and run, to check the status of theAMC, to check DB correctness, and to check the status of the AVsub-systems. If the BIT has succeed, the AMC initiate the operation ofthe AV and its subsystems.

While in-mission, the MM gets reports on AV mission execution status,and on subsequent status, as well as reports on events, regular andexceptional, from SM FPMs in the intermediate level that is subordinatedto the MM FPM. The MM FPM monitors the mission execution status, andswitches to another mission phase/state of the Mission Plan upon meetingthe pertinent transition conditions.

Based on the current state of the Mission Plan, the received reports andparticularly upon encountering exceptional events, the MM modifies theMP partially or entirely and as result also of the pertinent SOP. Theupdated plans, (defined in a functional manner), along with indicationof the current mission phase/state and other data, are then transmittedfrom the MM FPM, to the subordinated SMs, in level 2.

Each SM in level 2, is associated with, and in charge of, an execution subsystem in level 3. SMs in level 2 are fed with operation plan, operation data, and mission/phase indication from MM FPM in level 1. If desired, additional information is sent.

Then, each SM FPM in level 2, generates and sends commands, operation data and operation mode instructions, to its associated subordinate subsystem in lower level 3. SM FPMs in level 2 get processed data, execution status reports, and health status reports (referred to, collectively, as intermediate level report data) from their subordinate subsystems in level 3.

Following the instructions and the commands from level 2 SMs, level 3 subsystems perform their tasks, under local control. If desired, data processing tasks may be performed by embedded processors in level 3 subsystems, e.g., embedded processors in the navigation subsystem, or, in the sensor subsystem. Level 3 subsystems transmit processed data, task status reports, and health reports, to their associated FPMs in level 2.

Unless an exceptional event has occurred and been detected, the MM, and the SM FPMs manage and control the AV and its subsystems, following the MM Mission Plan, and the SOPs.

If an exceptional event, such as abnormal AV operation, unexpected mission situation or, AV subsystem malfunction, has occurred and been detected, the relevant FPM decides on a responsive action, and activates the associated procedures in order to cope with the new situation, and to minimize the effect that may be caused as a result of the exceptional event. In certain cases exceptional or abnormal events may lead to change in part or all of the Mission Plan. A repertoire of possible responsive actions for abnormal events has been described in the foregoing.

Accordingly by a preferred embodiment of the invention there is provided an MM of the kind specified being capable of classifying said exceptional event as belonging to a first group, constituting a replanning group, or a second group, constituting non-replanning group, and in response to a first group classification, said MM is capable of activating an associated planner module, for short time, while-on-mission, modifications of said MM MP either partially or in its entirety. The same applies to a planner module associated to said SMs adapted for local planning of the corresponding SOP or portions thereof.

Thus, by one embodiment there is provided a decision unit of the kind specified wherein said responsive action of said MM being one of the following a to h options:

a) no change at all, keep executing said MM MP, no change of MM mission state;

b) make a minor modification in the MM MP, or a parameter thereof with no change of MM mission state, then update the database and execute the modified MM MP;

c) transit the mission state to a new mission state of the MM MP, not according to a regular transition sequence; then execute the MM MP, while being at the new mission state;

d) select a new MM MP out of a bank of pre-stored MM MPs according to a selection criteria; then update the database, and execute the new selected MM MP;

e) select and combine pre-stored MM MPs, or pre-stored MM MP segments thereof, into a new combined MM MP; then, update the database and execute the combined MM MP;

f) re-plan an alternative MM MP or segments thereof by utilizing said planner module; then update the database and execute the replanned MM MP;

g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the MM MP; and

h) select a crisis recovery MM MP, out of a bank of pre-stored crisis recovery MM MPs according to selection criteria; then update the database and execute the selected crisis recovery MM MP.

Likewise, said responsive action of said SM being one of the following a to h options:

a) no change at all, keep executing said SOP, no change of SM TS;

b) make a minor modification in the SOP, or a parameter thereof with no change of SM TS, then update the database and execute the modified SOP;

c) transit the task state to a new task state of the SOP, not according to a regular transition sequence; then execute the SOP, while being at the new task state;

d) select a new SOP out of a bank of pre-stored SOPs according to a selection criteria; then update the database, and execute the new selected SOP;

e) select and combine pre-stored SOPs, or pre-stored SOP segments thereof, into a new combined SOP; then, update the database and execute the combined SOP;

f) re-plan an alternative SM SOP or segments thereof by utilizing said planner module; then update the database and execute the replanned SOP;

g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the SOP; and

h) select a crisis recovery SOP, out of a bank of pre-stored crisis recovery SOPs according to selection criteria; then update the database and execute the selected crisis recovery SOP.

Obviously, one or more of said SMs may be adapted to operate in accordance with the responsive actions a)-h), stipulated in the foregoing. Other responsive actions may be added or deleted, all as required and appropriate depending upon the particular application.

Typically, the intermediate level report data is of local and detailed nature, e.g. detailed report from the subordinated subsystem and may also include quantitative data, e.g. navigation error in meters. As opposed thereto, the top level report data is of more generic nature, e.g. mission execution status--complete, fail or ongoing, thereby providing the MM with a "global picture" of the mission execution enabling it to duly coordinate the various SMs for the next mission segment or for generating the necessary responsive action. This, however, is not imperative and under certain circumstances detailed report data may be supplied to the MM and by the same token, generic report data may be evaluated, under certain circumstances, by one or more of said SMs.

As had already been specified in the foregoing, the report data is received from the subsystems and/or the SMs by employing either or both of known per se interrupt driven and/or polling techniques. Likewise, the report data is not necessarily bound to those SMs and subsystem assigned to execute the current mission segment.

By one embodiment, said MM MP is downloaded, in its entirety, to said database prior to departure to said mission. Alternatively, a portion of said MP is downloaded prior to departure to the mission, whereas the remaining portion thereof is planned by said MM planner module while-on-mission.

In a similar manner, said plurality of SOP are downloaded, in their entirety, to said database prior to departure to said mission, or alternatively at least one of said plurality of SOP is only partially down-loaded prior to departure to mission whereas the remaining portion thereof is planned by the respective SM planner module while-on-mission.

In a situation of multiple simultaneous events, a response combination FPSM is applied, to generate a combined response. The combined response is, as a rule, a function of the exception events, the system state, the mission context, the sub-systems status, and the priority of responses, which is decided upon, according to the possible effect of the event.

Accordingly, by this particular embodiment there is provided an AV of the kind specified, wherein said MM and/or at least one of said SMs is responsive to essentially simultaneous at least two of said events, for generating a combined response. Generally speaking, the higher the possible risk of the event, e.g. flying in low altitude which jeopardizes flight safety, the higher is the response priority that is assigned to that event.
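The following is an added illustration, not part of the patent text, of how responses to simultaneous events could be combined using the MM options a) to h) and a risk-ordered priority. The event names, the risk scale and the combination rule itself (one plan replacement wins, edits to a plan that is being replaced are dropped) are assumptions; the text above only states that priority rises with risk.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    """Responsive actions a) to h) as listed above for the MM."""
    A = "no change, keep executing the MM MP"
    B = "minor modification of the MM MP or a parameter"
    C = "transit to a new mission state out of sequence"
    D = "select a new pre-stored MM MP"
    E = "combine pre-stored MM MPs or segments"
    F = "re-plan with the planner module"
    G = "reconfigure the AV (backup device or other modules)"
    H = "select a pre-stored crisis recovery MM MP"


# Assumption: these actions replace the plan that is currently executing.
REPLACES_PLAN = {Action.D, Action.E, Action.F, Action.H}
# Assumption: these actions only make sense against the current plan.
EDITS_CURRENT_PLAN = {Action.B, Action.C}


@dataclass(frozen=True)
class Event:
    name: str       # constructed event name
    risk: int       # constructed scale, higher means more dangerous
    action: Action  # response chosen for this event taken on its own


def combine(events):
    """Return the ordered list of actions for a set of simultaneous events.

    Events are handled in descending risk order. Only the plan replacement
    requested by the highest-risk event survives; edits to the current plan
    are dropped when that plan is being replaced. Reconfiguration (g) acts
    on hardware and is always kept.
    """
    ordered = sorted(events, key=lambda e: e.risk, reverse=True)
    replacement = next(
        (e.action for e in ordered if e.action in REPLACES_PLAN), None)
    combined = []
    for ev in ordered:
        act = ev.action
        if act is Action.A or act in combined:
            continue
        if act in REPLACES_PLAN and act is not replacement:
            continue
        if act in EDITS_CURRENT_PLAN and replacement is not None:
            continue
        combined.append(act)
    return combined or [Action.A]


def needs_planner(actions):
    """True when the combined response activates the planner module (option f)."""
    return Action.F in actions


# Constructed sample: four events reported in the same iteration.
SAMPLE = [
    Event("navigation drift", 3, Action.B),
    Event("low altitude", 9, Action.H),
    Event("head wind on route", 2, Action.F),
    Event("sensor failure", 5, Action.G),
]

if __name__ == "__main__":
    for act in combine(SAMPLE):
        print(act.name, "-", act.value)
```
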

As had already been specified in the foregoing, the major planning aspects of level 2 may be shifted to level 1, leaving thus essentially scheduling and coordination responsibilities to level 2.

If desired the various modifications that were described with respect to the previous three-level hierarchy embodiment, apply mutatis mutandis, also to the latter three level hierarchy embodiment.

The operation of the decision unit as well as the MM and SMs apply, mutatis mutandis, to civilian applications such as, for example, cleaning ocean atomization, combatting locusts or clearing maritime field mines and environmental monitoring. The MM mission plan, the SOP, the subsystems and the stored data are all, of course, designed in accordance with the particular application under consideration.

Still further the invention provides a system comprising a fleet of AVs, of the kind specified, arranged in a given fleet architecture, for accomplishing a common mission. As will be explained in greater detail below the AVs in the fleet may employ a cooperative mode of operation for enhancing the likelihood of accomplishing the common mission.

DESCRIPTION OF THE DRAWINGS

For better understanding, the invention will now be described, by way of example only, with reference to the accompanying drawings in which:

FIG. 1 is a block diagram which illustrates a general view of an Autonomous Mission Controller--AMC, according to one embodiment of the invention;

FIG. 2 is a block diagram of the functional architecture of the AMC of FIG. 1 fitted in an AV;

FIG. 3 is a block diagram of the functional architecture of a general-purpose AMC of FIG. 1, fitted in an AV;

FIG. 4a is a block diagram of the functional architecture of the Mission Manager (MM) Functional Processing Module (FPM), forming part of the AMC of FIGS. 2 and 3;

FIG. 4b is a schematic illustration of a planning process according to one embodiment of the invention;

FIG. 5 is a block diagram of the functional architecture of a generic System Manager (SM) Functional Processing Module (FPM), which is used in some of the SM FPMs forming part of the AMC in FIGS. 2 and 3;

FIG. 6 is an illustration of a typical information flow between the MM FPM and the SM FPMs, of the AMC;

FIG. 7 is a block diagram which illustrates the interrelations between the MM FPM, the Flight Manager FPM, and the Guidance, Navigation and Control (GN&C) functions in an aerial AV, according to one embodiment of the invention;

FIG. 8 is an illustrative example of a mission level state graph, which establishes the Mission Plan (MP);

FIG. 9 is a schematic illustration of the possible categories, of exceptional event handling procedure, according to one embodiment of the invention;

FIGS. 10a-10b show an example of two Response Decision Trees (RDT), illustrating a data flow starting at receipt of abnormal event and ending at the generation of an appropriate responsive action;

FIG. 11 is a schematic illustration of the response combination process forming part of the MM FPM of FIG. 4, according to one embodiment of the invention;

FIGS. 12a-12d are a schematic illustration of, respectively, four response combination modes;

FIG. 13 is a schematic illustration of the AMC computer architecture, according to one embodiment of the invention;

FIG. 14 is a schematic view of an underwater application of Underwater AVs which utilized embedded AMC onboard;

FIG. 15 is a schematic view of a ground application of ground AVs which utilized embedded AMC onboard; and

FIG. 16 is a schematic view of a space application of AV which utilized embedded AMC onboard.

DETAILED DESCRIPTION OF THE INVENTION

The detailed description, whilst focusing primarily on the three-level hierarchy architecture of the invention, applies, mutatis mutandis, to different arrangements including multi-level hierarchy.

Attention is first directed to FIG. 1, which illustrates, in a diagrammatic way, the general view of the three-level functional organization of the Autonomous Mission Controller--AMC 100, and its relation to the Mission Planning System--MPS 105. The AMC 100 is the core element of the autonomous UAV (referred to hereinbelow as AV) avionics. It is an onboard embedded computer, which manages, supervises, commands and controls the AV and its sub-systems, throughout the entire mission sequence, in order to meet the assigned mission goals. In a fully autonomous mode of operation, the AMC 100 shall command and control the AV, without any human intervention, from launch, or take-off, until the mission is completed. Typically, the AMC 100 is installed in the avionics/electronics section. If desired, it may be installed in another section. The AMC three-level functional hierarchy is organized as follows: Level 1 101, the top level, is the organization and management level. Level 2 102, the intermediate level, is the supervision and coordination level. Level 3 103, the bottom level, is the execution and control level.

The upper two levels, namely, level 1 101, and level 2 102, constitute the core of the AMC 100, while level 3 103 comprises the AV subsystems, which in many cases, already exist, e.g., navigation subsystem, propulsion subsystem, sensor subsystem. Therefore, level 3 103 is not considered as an integral part of the AMC 100 although it is a part of a three-level hierarchy of the management, command, and control of the AV and its subsystems. As had already been specified in the foregoing, by an alternative embodiment level 1 and 2 may be joined together to constitute a decision unit employing a generic mission plan for managing and controlling the subsystems.

Reverting now to the three-level hierarchy, illustrated in FIG. 1, upon receiving a mission order 104, from the relevant authority, a mission planning process is conducted by the Mission Planning System--MPS 105. The MPS 105 may be either a ground based system, or installed on a platform, such as an aircraft, a ship, or any other platform. The planning process in the MPS 105 is preferably automatic. However, this planning process is supervised and guided, checked and approved, by a human operator. Upon completion of the planning process, the plan is checked for correctness and validity.

If validated, the Mission Plan--MP, which includes, as internal plans, the mission manager mission plan (MM MP), the Systems Operation Plans--SOP, and the associated Data Bases--DB, are stored in the MPS 105 memory, or in the Data Transfer Unit--DTU 106 ready to be downloaded to the AV. When the AV is tested and approved for a mission, and the AMC 100 is ready to receive data, the MP (including MM MP and SOP) and the associated DB are downloaded from the DTU 106 via a data transmission link 107 which may be a serial link, e.g., a standard RS-422 data link, to the AMC 100 memory.

As will be explained in greater detail below, if the time allowed from receiving the mission command, to AV take-off, or launch, is too short, or, in case that the MPS 105 has failed, or no MPS operator is available to operate the MPS 105 and to conduct the mission planning process, the entire mission planning process may be performed by the AMC 100, after AV take-off, or launch.

The Automatic Test Equipment--ATE 108, performs automatic test and diagnostic procedures 109 in order to verify the status of the AV, the status of AV sub-systems, and the status of the AV AMC 100.

Level 1 101 performs, mainly, managing and controlling functions which include supervision and sequencing, mission planning/replanning, global route/trajectory planning, mission monitoring, plan evaluation and simulation, decision on responsive action to exceptional events, assignment of tasks and their associated parameters and constraints, which are processed to bring about SOPs, i.e. detailed design of the task for execution by the AV subsystems. If desired, additional functions may be added or deleted to Level 1 101 all as required and appropriate. Level 1 101 transmits the tasks (defined in a functional manner) to be executed by the AV subsystems, and the associated SOPs, to the System Manager FPMs in Level 2 102. Indication of mission phase/state of the MM MP of level 1 is also transmitted. If desired, additional information may be also sent. Level 2 102, which comprises, mainly, System Manager--SM FPMs, sends to Level 1 101 information about events, regular and exceptional, that have been detected, or recognized at that level, or by elements in Level 3 103 subsystems. Level 3 102 also sends to Level 1 101 information regarding the tasks execution status, sub-systems health status, and data as requested, e.g., navigation information. Additional data may be transmitted, from Level 2 102 to Level 1 101, if desired. Based on the instructions and on the data received from Level 1 101, and on the data which is received from the execution subsystems in Level 3 103, each SM FPM in Level 2 102 processes the data, determines the mode of operation of its subordinate subsystem, and generates commands, set points, operational data to its subordinate subsystem. This information is sent, routinely, from Level 3 102 SM FPMs to the subsystems in Level 3 103.

Each subsystem in Level 3 103, i.e., Flight & Guidance subsystem, Navigation subsystem, Sensor subsystem, Payload subsystem, Communication Subsystem, and if desired, any other subsystem, receives the commands and the operational data from its supervising SM FPM in Level 2 102, and performs the commanded task. To accomplish their tasks, the subsystems use local and self-contained control and data processing, computing means. Data regarding operational status, health status, as well as processed data, is sent from the subsystems in Level 3 103 to their associated superiors in Level 2 102.

Each FPM has a command and management authority for the area under its responsibility, and for its subordinates, e.g., level 1 has full authority for level 1, level 2, and level 3. A FPM in level 2, has full authority for itself, and for its associated subordinate sub-system in level 3.

On the basis of the report data received from the various SMs, the MM MP and other factors, the MM in level 1 is capable of coordinating the operation of the SMs by issuing synchronization signals and by associating and adjusting operating data.

Although untypical, level 1 may, under certain circumstances, execute some of the procedures which are normally assigned to one or more of the SMs of level 2.

FIG. 2 describes the functional architecture of AMC 200 (100 of FIG. 1) for AV. In this embodiment, Level 1 101, the organization and management level, which is the top level of the hierarchy, is composed of one FPM, the Mission Manager (MM) FPM 201.

Level 2 102, the supervision and coordination level, consists, by this embodiment, of six (6) SM FPMs, which are in charge of their subordinate subsystems. Two other FPMs, which do not form part of Level 2, are the Global Memory and Data Base (GMDB) 208, and Data Communication Module (DCM) 209. The SM FPMs, in this level, are: a) Flight Manager (FM) 202, b) Navigation Manager (NM) 203, c) Sensor Manager (SNM) 204, d) Payload Manager (PM) 205, e) Communication Manager (CM) 206, and, f) Auxiliary Systems Manager (ASM) 207. Each of these six SM FPMs has associated subordinate subsystem in Level 3 103. If desirable, other FPMs may be added to Level 2 or, deleted from that level.

Level 3 103 consists of six (6) sub-systems of the AV: a) Flight and Guidance Systems 212, b) Navigation System 213, c) Sensor System 214, d) Payload System 215, e) Communication System 216, and, f) Auxiliary Systems 217. If desired, other subsystems may be added or, deleted, all as required and appropriate. The subsystems in Level 3 103, may optionally have their own local processing means, including local memory unit, local bus, and other data processing and data handling and transmission means, as desired. As shown, the Flight and Guidance System 212 is subordinate of the Flight Manager 202. The Navigation System 213 is subordinate of the Navigation Manager 203. The Sensor System 214 is subordinate of the Sensor Manager 204. The Payload System 215 is subordinate of the Payload Manager 205. The Communication System 216 is subordinate of the Communication Manager 206. The Auxiliary Systems 217 are subordinate of the Auxiliary Systems Manager 207.

The FPMs and the AV subsystems are interlinked by two buses. A Global Bus 210 which may be a standard serial bus, e.g. a MIL-STD. 1553B bus, for control and low volume data transfer between all elements, and, a Data Bus 211, which is a standard fast parallel bus, e.g. a VME bus, for high data rate, which interconnects only selected elements. If desired, additional FPMs or subsystems may be connected or, disconnected to and from the buses, respectively. The subsystems in level 3 are linked to the buses 210 and 211, via a known per se interface. If desirable, only one bus may be used for the functions of the global bus, or, more than two buses may be used. Also, if desirable, other types of buses, or bus standards may be used. A Data Link 218, preferably a bi-directional serial link, is used for data transfer between the AMC 100 and supporting equipment, such as the MPS 105 and between the AMC and the external Automatic Test Equipment (ATE), which checks the AMC and the AV subsystems prior to launch, or take-off. If desirable, other types of data link may be used.

The allocation of FPMs and AV subsystems to the architecture levels is:

    ______________________________________________________________
    Level                          FPM/SUB/SYSTEM
    ______________________________________________________________
    1                              Mission Manager 201
    2                              Flight Manager 202
                                   Navigation Manager 203
                                   Sensor Manager 204
                                   Payload Manager 205
                                   Communication Manager 206
                                   Auxiliary Systems Manager 207
    3                              Flight and Guidance System 212
                                   Navigation System 213
                                   Sensor System 214
                                   Payload System 215
                                   Communication System 216
                                   Auxiliary Systems 217
    Others (i.e. not belonging     Global Memory and Data Base 208
    to levels 1, 2 and 3 above)    Data Communication Module 209
    ______________________________________________________________

If desired, the allocation of FPMs into hierarchy levels may be changed.
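The authority rule stated earlier (each FPM commands only itself and its subordinates) together with the allocation table can be checked mechanically against bus traffic. The sketch below is an added example, not part of the patent text; the message tuples are constructed, and the rule that a report goes only to the immediate superior is an assumption.

```python
# Reference numerals from the allocation table; None = outside levels 1 to 3.
LEVEL = {
    201: 1,
    202: 2, 203: 2, 204: 2, 205: 2, 206: 2, 207: 2,
    212: 3, 213: 3, 214: 3, 215: 3, 216: 3, 217: 3,
    208: None, 209: None,
}

# Immediate superior of each unit: every SM answers to the MM 201,
# every Level 3 subsystem answers to its own SM.
SUPERIOR = {sm: 201 for sm in range(202, 208)}
SUPERIOR.update({212: 202, 213: 203, 214: 204, 215: 205, 216: 206, 217: 207})


def authority(unit):
    """Units that `unit` may command: itself and everything below it."""
    if LEVEL.get(unit) is None:
        return set()  # GMDB 208 and DCM 209 hold no command authority
    scope, frontier = {unit}, [unit]
    while frontier:
        boss = frontier.pop()
        for sub, sup in SUPERIOR.items():
            if sup == boss and sub not in scope:
                scope.add(sub)
                frontier.append(sub)
    return scope


def check(msg):
    """Return None if the message respects the hierarchy, else a reason."""
    kind, src, dst = msg
    if src not in LEVEL or dst not in LEVEL:
        return "unknown unit"
    if kind == "command":
        if dst not in authority(src):
            return "command outside issuer's authority"
    elif kind == "report":
        # Assumption: reports are addressed to the immediate superior only.
        if SUPERIOR.get(src) != dst:
            return "report not addressed to immediate superior"
    else:
        return "unknown message kind"
    return None


def audit(messages):
    """Return (message, reason) for every message that breaks the hierarchy."""
    return [(m, r) for m in messages if (r := check(m)) is not None]


# Constructed sample traffic: (kind, source numeral, destination numeral).
SAMPLE = [
    ("command", 201, 202),  # MM to Flight Manager
    ("command", 202, 212),  # Flight Manager to its own subsystem
    ("command", 201, 213),  # MM has authority over level 3 as well
    ("command", 203, 212),  # Navigation Manager to another SM's subsystem
    ("command", 212, 202),  # subsystem commanding its superior
    ("report", 214, 204),   # Sensor System to Sensor Manager
    ("report", 214, 201),   # report that bypasses the Sensor Manager
    ("command", 209, 215),  # DCM is outside the hierarchy
    ("report", 204, 201),   # Sensor Manager to MM
]

if __name__ == "__main__":
    for message, reason in audit(SAMPLE):
        print(message, "->", reason)
```
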

The main functions which are performed by the MM 201, are: a) initialization of AV operation, b) AV mission management and sequencing, according to Mission Manager Mission Plan--MM MP (referred to also, occasionally, in short as MP), c) monitoring the mission execution status, and the subsystems health, d) reasoning about the mission context and situation, e) global MP planning, plan adjustment, and replanning, f) generate and assign tasks for assignment to the SMs, wherein the tasks are defined in functional manner and are associated with task parameters and constraints, g) plan evaluation and simulation, h) decision making on responsive action in case of exceptional event or failure, i) response combination if multiple exceptional events occur simultaneously, and j) coordination of the AV operation in cooperative operation mode. Where desired, further functions may be performed by the MM 201. More detailed description of the MM, will be given below.

The main functions which are performed by the Flight Manager FM 202, are: a) initializing the operation of the Flight and Guidance System 212, including the propulsion subsystems, b) Flight and Guidance System 212 management and sequencing, following the mission and flight plan, i.e. the SOP of the flight manager, c) planning and generation of detailed local Trajectory Plan--TP, according to the mission plan, where the TP has to be executed by the guidance and flight control subsystems, d) generate commands including operation (flight) mode, e.g. instrumented flight along a fixed-altitude leg with level wings, or flight to the next way-point, and operation (flight) data, to Flight and Guidance subsystems 212, e) monitoring the flight execution status, and the Flight and Guidance System 212 health status, f) report the flight execution status, and the Flight and Guidance subsystems 212 health status to MM 201, g) decision on responsive action to exceptional events which are related to flight and guidance, and to Flight and Guidance System 212 failures, h) report the MM 201 on exceptional events, i) run BIT procedure of Flight and Guidance subsystems 212. Where desired, further functions may be performed by the FM 202. The functional architecture of the FM 202 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below. If desired, a different functional architecture may be employed for the FM 202.

The main functions which are performed by the Navigation Manager NM 203, are: a) initializing the operation of the Navigation System 213, b) calibration and alignment of the Navigation System 213, c) Navigation System 213 management and sequencing, following the navigation plan, i.e. the detailed SOP which is executed in accordance with the functional definitions of the task and its associated constraints and parameters generated by MM 201, d) update the navigation plan, e) generate commands including operation (navigation) mode e.g. which navigation sensor will be active and contribute to data processing, at certain time, and operation data to navigation sub system 213, f) monitoring the navigation execution status, and the Navigation System 213 health status, g) report the navigation execution status, and the Navigation subsystems 213 health status to MM 201, h) decision on responsive action to exceptional events which are related to navigation performance, and to Navigation System 213 failures, i) control the distribution of the processed navigation data to the user FPMs, i.e. one or more SMs and their associated subsystems, j) perform high level data processing, data association and data fusion functions, on data which is received from Navigation sub-systems 213, and/or from the Global Memory and Data Base--GMDB 208, k) report the MM 201 on exceptional events, l) run BIT procedure of Navigation sub-systems 213.

Where desired, further functions may be performed by the NM 203. The functional architecture of the NM 203 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below. If desired, a different functional architecture may be employed for the NM 203. The above mentioned functions of the NM 203 apply for various combination of navigation sensors, systems and techniques, including: INS, IMU, GPS, OMEGA, TRN, DR, and any combination of these sensors. If desirable, other navigation sensors, or navigation sensor combinations, or other navigation techniques may be used.

The main functions which are performed by the Sensor Manager SM 204, are: a) initializing the operation of the Sensor System 214, b) initialization the calibration of the Sensor System 214, c) Sensor System 214 management and sequencing, following the sensing plan, i.e., the detailed SOP which is executed in accordance with the functional definitions of the task and its associated constraints and parameters generated by MM 201, d) update the sensing plan to cope with actual situation, e) generate commands including operation (search and sensing) mode, e.g. using single sensor or dual, apply conning search or raster search of the detecting elements and of the scanning, and gimbal drive mechanisms; and in case of using multiple sensors, which sensor will be active and contribute to data processing, at certain time, to Sensor sub-system 214, f) monitoring the sensing execution status, and the Sensor System 214 health status, g) report the sensing execution status, and the Sensor sub-systems 214 health status to MM 201, h) decision on responsive action to exceptional events which are related to sensor performance, and to Sensor System 214 failures, i) control the distribution of the sensor processed data to all the user FPMs, j) perform high level data processing, data association and data fusion functions, on data which is received from Sensor sub-systems 214, and/or from the Global Memory and Data Base--GMDB 208, k) report the MM 201 on exceptional events, l) run BIT procedure of Sensor sub-systems 214. Where desired, further functions may be performed by the SM 204. The functional architecture of the SM 204 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below. If desired, a different functional architecture may be employed for the SM 204. The above mentioned functions of the SM 204 apply for various combinations of sensors, sensor systems and sensing techniques, including: Optical, Electro-optical, IR, RF, Millimeter Wave Radar, Laser based sensors, Acoustic, and any combination of these sensors. If desirable, other sensors, or sensor combinations, or other sensing techniques may be used.

The main functions which are performed by the Payload Manager PM 205, are: a) initializing the operation of the Payload System 215, b) initiate the calibration of the Payload System 215, c) Payload System 215 management and sequencing, following the payload operation plan, i.e. the detailed SOP which is executed in accordance with the functional definitions of the task and its associated constraints and parameters generated by MM 201, d) update the payload operating plan to cope with the actual situation, e) generate and transmit commands including payload operation mode (depends on the specific payload), and operation data/parameters to payload sub-system 215, f) monitoring the payload operation execution status, and the Payload System 215 health status, g) report the payload execution status, and the Payload sub-systems 215 health status to MM 201, h) decision on responsive action to exceptional events which are related to payload performance, and to Payload System 215 failures, i) control the distribution of the payload processed data to all the user FPMs, j) perform high level data processing, data association and data fusion functions, on data which is received from payload sub-systems 215, and/or from the Global Memory and Data Base--GMDB 208, k) report the MM 201 on exceptional events, l) run BIT procedure of Payload sub-systems 215. Where desired, further functions may be performed by the PM 205. The functional architecture of the PM 205 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below. If desired, a different functional architecture may be employed for the PM 205. The payload may be a weapon system, e.g., one or more of the following options: an interceptor missile against tactical ballistic missiles, or their ground based launchers, or a warhead--in case of a "Kamikaze" AV, or an intelligence gathering device, or an electronic countermeasure means, or a communication relay, or a chaff dispenser, or any other mission related payload means, as desirable. The above mentioned functions of the PM 205 apply for various kinds of payload sub-systems, depending upon the particular application.

The main functions which are performed by the Communication Manager CM 206, are: a) initializing the operation of the Communication System 216, b) Comm. System 216 management and sequencing, following the communication plan, i.e. the detailed SOP which is executed in accordance with the functional definitions of the task and its associated constraints and parameters generated by MM 201, c) update the communication plan to cope with the actual situation, d) organize the in-coming and the out-going transmissions, according to protocols, e) monitoring the communication execution status, and the Communication System 216 health status, f) report the communication execution status, and the Communication System 216 health status to MM 201, g) decision on responsive action to exceptional events which are related to communication performance, and to Communication System 216 failures, h) report the MM 201 on exceptional events, i) run BIT procedure of Communication System 216. Where desired, further functions may be performed by the CM 206.

The functional architecture of the CM 206 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below. If desired, a different functional architecture may be employed for the CM 206. The above mentioned functions of the CM 206 apply for various kinds of communication subsystems and techniques, including: RF, optical, optical fibre, and any combination of these.

The main functions which are performed by the Auxiliary System Manager ASM 207 are: a) initializing the operation of the Auxiliary Systems 217, b) Auxiliary Systems 217 management and sequencing, following the auxiliary systems operation plan, i.e. the detailed SOP which is executed in accordance with the functional definitions of the task and its associated constraints and parameters generated by MM 201, c) update the auxiliary systems operating plan to cope with the actual situation, d) generate and transmit commands including operation mode, and operation data/parameters to auxiliary systems 217, e) monitoring the auxiliary systems operation execution status, the resource level, and the Auxiliary Systems 217 health status, f) report the auxiliary systems execution status, the resource level, and the Auxiliary Systems 217 health status to MM 201, g) decision on responsive action to exceptional events which are related to auxiliary systems performance, and to Auxiliary Systems 217 failures, h) report to the MM 201 on exceptional events, i) run BIT procedure of Auxiliary sub-systems 217. Where desired, further functions may be performed by the ASM 207. The functional architecture of the PM 205 is based on the generic functional architecture of the SM FPM, as described by FIG. 5 below, with some simplifications. If desired, a different functional architecture may be employed for the ASM 207.

The main functions which are performed by the Global Memory and Data Base GMDB 208 are: a) memory and data base management, b) data storage and retrieval, c) data organization, d) memory monitoring, e) data error detection and correction. The GMDB 208 has three functional areas: a) long-term, inerasable memory, which stores data that is not changed from mission to mission, e.g., main programs and data which is related to the AV per se, b) mission memory which stores data that is specific to the mission. This data is downloaded to the GMDB 208, via data link 218, prior to launch or take-off. c) dynamic memory which stores data which is gathered throughout the mission, or data which has to be stored temporarily, during the execution of the mission.

Data which is stored in the long-term, inerasable memory, includes: Main program, AV models and parameters, navigation error models and parameters, sensor models and parameters, models of threats and countermeasures, parameters of G, N&C loops and filters, parameters of sensor system. If desirable, further types of data may be added or deleted. Data which is stored in the mission memory, includes: Mission Plan--MP, global route and Trajectory Plan--TP, System Operation Plans--SOPs, targets map, e.g. sites of launchers of tactical ballistic missiles, threat and intelligence maps, e.g. sites of surface-to-air missiles batteries, weather conditions information, e.g., maps of wind conditions and map of visibility conditions, cartographic data, e.g., Digital Terrain Elevation Data (DTED), airphotos. If desired, further information may be added to, or deleted from, the mission memory. Data which is stored in the dynamic memory, may include: dynamic location of recognized threats, gathered intelligence information, record of AV mission execution parameters for post-mission analysis, telemetry information, record of sub-systems operational parameters. If desired, other data may be stored, or deleted.

The main function of the Data Communication Module DCM 209, is to reorganize, manage and control the data transmission via Data Link 218. The Data Link 218, preferably a bi-directional serial link, is used for data transfer between the AMC 200 and the supporting equipment, such as the MPS 105 and between the AMC 200 and the external Automatic Test Equipment (ATE), which checks the AMC 200 and the AV sub-systems prior to launch, or take-off. If desirable, other types of data link may be used. Since the Data Link 218 is operative only in the pre-mission phase, and it is disconnected prior to AV launch or the take-off, the DCM 209 is non-operative after launch or take-off.

As described earlier, the AV sub-systems in level 3, are not considered to be an integral part of the AMC 200. It should be emphasized, however, that the data processing capabilities which are required from the FPMs in level 2, are a function of the self contained processing capabilities which are embedded in the sub-systems of level 3. A possible approach is to allocate as much local processing power as is feasible, to each of the sub-systems in level 3. However, this approach has to be traded off against the resulting cost.

The Flight and Guidance Subsystem 212 consists of the guidance loops, the flight control and autopilot control loops, the engine and its associated control loops, the aerodynamic surfaces and their associated servo control loops, the servo actuators and the associated electronics, and, as an option, the Flight and Guidance processing means. If desirable, further elements may be added. The Flight and Guidance Subsystem 212 is linked to the AMC 200, via the Global Bus 210. If desirable, a link to the Data Bus 211 may be added.

The Navigation Subsystem 213 consists of the Inertial Navigation System--INS, Global Positioning System--GPS radio navigation system, Dead Reckoning--DR navigation assembly which accommodates a vertical gyro, tri-axis magnetometer, air-data sensors, and the associated drive and conditioning electronics, and, if desirable, the navigation computing means. Optionally, other navigation means, e.g., other radio navigation systems, or TRN--Terrain Reference Navigation means, or laser or RF altimeter, or other sensors, or optical-based navigation means may be added, or replace current means. The Navigation Subsystem 213 is linked to the AMC 200, via the Global Bus 210 and the Data Bus 211. If desirable, other means may be used to link the Navigation Subsystem 213 to the AMC 200.

The Sensor Subsystem 214 consists of a stabilized IR scanning search system, a laser detector, and a radar detector warning systems, and their associated processing means, as well as their gimbal drive and control means. If desirable, other sensors and/or drive and stabilization means may be added. Other sensor means for the AV may include: Optical sensors, Electro-optical sensors, IR sensors, RF sensors, Millimeter Wave sensors, chemical agents sensors, laser based sensors, acoustic sensors, and other sensors, as may be required and appropriate. If desirable, the processing functions may be performed by processing means in the Sensor Manager 204. The Sensor Subsystem 214 is linked to the AMC 200, via the Global Bus 210 and the Data Bus 211. If desirable, other means may be used to link the Sensor Subsystem 214 to the AMC 200.

The main element of the Payload Subsystem 215 of the AV in the present invention is the interceptor missiles, the objective of which is to intercept tactical ballistic missiles in the boost phase of their trajectory. Thus the Payload Subsystem 215 comprises the missiles, their launching mechanisms, and their electrical and mechanical interface to the AV body, assemblies, and sub-systems. If desirable, other payload elements, or sub-systems may be used. The Payload Subsystem 215 is linked to the AMC 200, via the Global Bus 210. If desirable, it may also be linked to the Data Bus 211. If desirable, other means may be used to link the Payload Subsystem 215 to the AMC 200.

The Communication Subsystem 216 consists of a two-way narrow band RF communication link. If desirable, other means for communication, including electro-optical, or fiber-optic based communication link, may be used. The communication link is used, mainly, for status reporting to command, control, communication and intelligence centers, and for intra-group and intra-fleet communication with other AVs in cooperative mode of operation (see below). The Communication Subsystem 216 is linked to the AMC 200, via the Global Bus 210. If desirable, a link to the Data Bus 211 may be added and other means of data transmission between the Communication Subsystem 216 and the AMC 200, may be used.

The Auxiliary Subsystem 217, includes: landing gear, electrical alternator, fuel pumps, and further sub-systems, and assemblies, as may be desirable. The Auxiliary Subsystems 217 are linked to the AMC 200, via the Global Bus 210. If desirable, a link to the Data Bus 211 may be added and other means of data transmission between the Auxiliary Subsystems 217 and the AMC 300, may be used.

Attention is now directed to FIG. 3 showing a functional architecture of AMC 300 (100 in FIG. 1, 200 in FIG. 2) for AV, other than air AV. The structure of AMC 300 is similar to that of AMC 200, which was described with reference to FIG. 2. Also, the structure, the functions, and the functional architecture of FPMs in AMC 300, are similar to FPMs in AMC 200 which have the same responsibilities, e.g., Sensor Manager 304 in AMC 300, is similar in its functionalities, functional architecture, and data transmission links to AMC 300, to Sensor Manager 204 in AMC 200. Obviously, since the specific application of the AV in FIG. 3, and its vehicular characteristics are different from that of an air AV in FIG. 2, i.e. not necessarily intercepting tactical ballistic missiles, the specific algorithms, models, data bases, mobility systems, sensor systems, navigation systems, and other AV subsystems modules of the AV AMC 300 have a different structure from their counterparts in the air AV, and the air AV AMC 200, and those versed in the art will readily understand that the detailed description of each specific element 3xy of AMC 300, is similar, mutatis mutandis, to its counterpart 2xy of AMC 300, and therefore will not be further expounded herein.

FIG. 4 describes in a diagrammatic way, the functional architecture of the Mission Manager FPM 201 in FIG. 2 (301 in FIG. 3). It should be noted that for clarity of presentation, local data buffers and temporary memories were omitted from FIGS. 4 and 5. Thus, the Mission Manager FPM 201 accommodates mainly, the following Functional Processing Sub-Modules FPSMs: a) Mission Supervisor/Sequencer FPSM 401. b) System Managers Coordinator FPSM 402. c) Mission & System Monitor FPSM 403. d) Context/Situation Reasoner FPSM 404. e) Exceptional Event Handler FPSM 405. f) Global Planner/Coordinator FPSM 406. g) Cooperation Coordinator FPSM 407. h) Simulator/Evaluator FPSM 408. i) Memory and Data Base FPSM 409. j) Active Plan Memory FPSM 410. k) Data Organizer FPSM 411. l) Communication/Interface FPSM 412. The Communication/Interface FPSM 412 provides data transfer means to and from the Global Bus 210 and the Data Bus 211, FIG. 2. The Data Organizer FPSM 411 functions are protocol management, data organization and data dispatching. While in the "Pre-Mission" mission state (801, see FIG. 8 below) the Mission Plan MP and the associated Data Base DB are downloaded to the AMC Global Memory (Data Base 208, FIG. 2), the relevant parts thereof, (e.g. the data which are specific to the mission or to a segment thereof), are downloaded to the Memory and Data Base FPSM 409. The Memory and Data Base FPSM 409, has three functional areas: a) long-term, inerasable memory which stores data that is not changed from mission to mission, e.g., main programs and data which is related to the AV per se, b) mission memory which stores data that is specific to the mission. This data is downloaded to the GMDB 208, via data link 218, in the Pre-Mission mission state, prior to launch or take-off, c) dynamic memory which stores data which is gathered throughout the mission, or data which has to be stored temporarily, during the execution of the mission.
Data which is stored in the long-term, inerasable memory, includes: Main program, AV models and parameters, navigation error models and parameters, sensor models and parameters, models of threats and countermeasures, parameters of G, N&C loops and filters, parameters of sensor system. If desirable, further types of data may be added or deleted. Data which is stored in the mission memory, includes: MM Mission Plan--MP, global route and also desired pre-planned nominal TP and SOPs, target maps, e.g. launch sites of tactical ballistic missiles, threat and intelligence maps, e.g. sites of surface-to-air missiles batteries, weather conditions information, e.g., maps of wind conditions and map of visibility conditions, cartographic data, e.g., Digital Terrain Elevation Data (DTED), airphotos. If desired, further information may be added to, or deleted from, the mission memory.

Obviously, in the latter embodiment the pre-stored SOPs data are transmitted from level 1 to level 2, but as has already been specified in the foregoing this is only one option and by an alternative, preferred embodiment only functional tasks and their associated parameters and constraints are transmitted to one or more SMs in level 2, which in their turn are capable of processing the transmitted data so as to bring about a detailed plan SOPs. It is recalled in this connection that the SOPs may be a priori stored in the database associated with level 2, or planned (either in part or entirely) by utilizing the SM's local planner.

It should be noted in this connection that whilst for sake of clarity of explanation the various options of SOP downloading, planning and execution discussed above will not be repeated in every particular case where the propagation of data from level 1 to level 2 is described, they, nevertheless, apply.

Reverting now to the structure of FPSM 409 it further includes dynamic memory for storing data such as dynamic location of recognized threats, gathered intelligence information, record of AV mission execution parameters for post-mission analysis, telemetry information, record of sub-systems operational parameters and others. If desired, other data may be stored, or deleted.

Data and models are transmitted from the Memory and Data Base FPSM 409 to the following FPSMs: a) Mission Supervisor sequencer FPSM 401. b) data and models to Global Planner/Coordinator FPSM 406, to Simulator/Evaluator FPSM 408, and to Exceptional Event Handler FPSM 405. c) Active Plan to be executed, to Active Plan Memory 410, i.e. a segment of the MM MP which is relevant to the current MM MS defined in terms of functional tasks and its associated parameters and constraints. d) data to other AMC modules, via modules 419, 411 and 412. From the Pre-Mission state, and throughout the execution of the entire mission sequence, the Mission Supervisor/Sequencer FPSM 401 manages the mission sequence according to: a) the MM MP, which determines, inter alia, the mission phases/states, and their conditional directed connectivity, see FIG. 8 below, b) information on the mission execution status and systems status which is received from the Mission and System Monitor FPSM 403, c) information on decisions and instructions regarding the response to exceptional events which is provided by Exceptional Event Handler FPSM 405.

While being in a certain phase/state, the Mission Supervisor/Sequencer FPSM 401 checks, continuously, if the transition conditions to another phase/state are met and if in the affirmative, the Mission Supervisor/Sequencer FPSM 401 transits the mission phase/state to another phase/state, and reports the new mission phase/state, as well as timing information to the Active Plan Memory FPSM 410, to the Mission and System Monitor FPSM 403, to the Global Planner/Coordinator FPSM 406, as part of the Plan Command data and to the System Managers Coordinator 402. The new mission phase/state determines a functional mission segment in terms of functional tasks and their associated constraints assigned, respectively, to at least one of said SMs.

The actual assignment of the mission segment utilizes the Memory and Database Unit 409 as well as the Active Plan Memory 410 in the following manner. Thus, the Mission Supervisor/Sequencer FPSM 401 manages the retrieval and distribution of data from the Memory and Data Base unit 409 to the users. The active plan which is the operative plan to be executed during the current mission phase/state, is transmitted from the Memory and Data Base unit 409 to the Active Plan Memory 410, which maintains the updated plan. If desirable, the plan which is executed may be updated, in a Fast Update mode, which is the main updating mode in time critical situations. The System Operation Plans--SOPs, and the instructions to the System Managers are then transmitted to the System Managers Coordinator FPSM 402, where a synchronization process is performed. After the SOPs are synchronized, the coordinated plans are delivered to the System Managers via modules 419, 411 and 412. In case that a replanning or a plan modification action is required, the Mission Supervisor/Sequencer FPSM 401 sends a Plan Command to the Global Planner/Coordinator FPSM 406. If desirable, a complete planning process may be performed by FPSM 406.

The Plan Command includes data regarding: a) plan type. b) planning initialization and synchronization parameters. c) time to complete plan. d) operation mode--individual or cooperative. Further data may be included in the Plan Command, if desirable. The Global Planner/Coordinator FPSM 406 referred to also as said "Planner module" comprises the following FPSMs: a) Planning Manager FPSM 413. b) Requirements Definition FPSM 414. c) Procedure Selector FPSM 415. d) Plan Generator FPSM 416. e) Optimizer FPSM 417. f) Plan Selector FPSM 418. Upon receiving the Plan Command from FPSM 401, the Planning Manager FPSM 413 initiates the planning process, and determines process parameters, e.g., time to plan, planning with or without optimization. The planning requirements and constraints are then defined by the Requirements Definition FPSM 414. If the AV operates in a cooperative mode, then the data provided by the Cooperation Coordinator FPSM 407, is also considered during the requirements definition. Following the planning requirements definition, the appropriate planning procedure or planning procedures are selected by the Procedure Selector FPSM 415, to be used by the Plan Generator FPSM 416. There are several planning procedures, each for a different planning task, e.g., cruise route planning, fast cruise route planning, trajectory planning, sensing planning, communication planning, and further planning procedures, as desired. After the appropriate planning procedures are selected, the planning procedures and the data for planning, are sent from the Memory and Data Base 409, to the Plan Generator FPSM 416. The Plan Generator FPSM 416 may execute several planning procedures concurrently as instructed by the Planning Manager FPSM 413. In various circumstances, the planning process is a bi-phase process.
In the first phase, executed by the Plan Generator FPSM 416, a plan or, usually, several alternative plans are generated so as to meet the constraints, but they are not yet optimized. The plans are then delivered to the Optimizer FPSM 417, where an optimization operation is conducted as the second planning phase. The Plan Generator and the Optimizer use a variety of planning and optimization techniques, some of which are based on Dynamic Programming optimization methods, see: a) Bertsekas D. P. (1987), "Dynamic Programming--Deterministic and Stochastic Models", Prentice-Hall, N.J., USA, 1987, and, b) Bellman R., (1961), "Adaptive Control Processes--A Guided Tour", Princeton University Press, N.J., USA, 1961. Some procedures use A* type optimal search algorithms, see: Barr A., Feigenbaum E. A., (1981), "The Handbook of Artificial Intelligence", William Kaufmann Inc., USA, 1981. Other planning and optimization techniques and methods may be used such as the following known techniques (taken alone or in combination):

Dijkstra, neural network, genetic algorithm, linear programming, gradient search, Newton search, heuristic, simulated annealing, integral equations, differential equations, difference equations, fuzzy models, random search, learning techniques, non-linear programming, digital filters, and continuous time filters. Further techniques which are suitable for planning but not for simulation are the known unimodel search and multi-model search techniques.

If the time is critical, or no optimization is required, the plan generated in the first phase may be delivered directly to the Memory and Data Base 409, a procedure which is termed "Fast Update Mode." If the plans undergo an optimization process, then several, e.g., 3-4, alternative plans are sent to the Simulator/Evaluator FPSM 408, where an evaluation procedure, or a simulation, is performed. The evaluation and simulation processes examine a variety of criteria, e.g., expected time of arrival to destination, predicted fuel consumption, predicted Time-on-Target, probability of exposure to hostile countermeasures, which make it possible to give the appropriate score to each of the alternative plans. The criteria for plan selection may vary along the mission sequence. Based on the score given by the Simulator/Evaluator, the Plan Selector FPSM 418, selects the most desirable plan for execution, and delivers the plan to the Memory and Data Base 409, and the Planning Manager 413 reports to the Mission Supervisor Sequencer 401 that the current planning process has been terminated.

According to the mission schedule, the plan, which is to become the active plan, is loaded from the Memory and Data Base 409 to the Active Plan Memory 410, and thereafter to the System Managers Coordinator FPSM 402. In the case that the active plan doesn't include the SOPs themselves (i.e. the System Managers Coordinator FPSM 402 holds functional tasks and their associated parameters and constraints for the respective at least one participating SM), FPSM 402 will assign at a proper timing so as to coordinate the SMs activities, the tasks and their associated parameters and constraints (where constraints include scheduling considerations) to the respective SMs in level 2 which will process it so as to bring about the corresponding SOP, i.e. detailed plan of the particular task.

In the case that the AV is operated in a cooperative operation mode, the information provided by the Cooperation Coordinator FPSM 407, is used for planning requirement definition, and by the planning FPSMs to follow. The Cooperation Coordinator FPSM 407 comprises the following FPSMs: a) Dynamic Local Blackboard. b) Evaluation Unit. c) Local Adaptive Decision Algorithms. d) Learning Network for Parameter Adjustment. Detailed description of the structure and the functions of the Cooperation Coordinator FPSM 407 in the present embodiment is given in: Yavnai A., (1994), "Distributed Decentralized Architecture for Autonomous Cooperative Operation of Multiple Agent System", in Proceedings AUVS-94, 21st Annual Technical Symposium Association for Unmanned Vehicle Systems, 23-25 May, 1994, Detroit, USA. pp. 95-101. Other techniques for coordination of cooperative operation may be used, if desirable. Information regarding subsystems status, mission and task execution status, events, as well as various relevant variables, e.g., fuel consumption rate, navigation data, and further data as required, is continuously transferred to the Mission Manager, from all the other AMC FPMs, via the buses, and units 412, and 411, respectively. This data is then delivered to the Mission and System Monitor FPSM 403. Based on this information, further processing is conducted by the Mission and System Monitor FPSM 403, using computing means, to determine the system status, and to recognize the occurrence of exceptional events. The report on mission status is delivered to the Mission Supervisor/Sequencer FPSM 401, where the occurrence of an exceptional event is reported to the Context/Situation Reasoner FPSM 404 and to the Exceptional Events Handler FPSM 405. The Context/Situation Reasoner FPSM 404 associates events and tracks their temporal evolution, in order to assess the mission and the system context and situation. The recognized context and situation is then transferred to the Exceptional Events Handler FPSM 405.
The technique which is used for reasoning about the mission and system context and situation, in the present embodiment is detailed in: a) Yavnai A., (1992), "Context Recognition and situation Assessment in Autonomous Mobile Robots", Proceedings SPIE Vol. 1831 Mobile Robots VII, Boston, November 1992, pp. 119-130. b) Yavnai A., (1993), "Context Recognition and Situation Assessment in Intelligent Autonomous Systems", in Proceedings of IEEE 1993 International Symposium on Intelligent Control, August 1993, Chicago, USA, pp. 394-399. If desirable, other techniques may be used.

The Exceptional Events Handler FPSM 405 maintains decision maps which are in the form of conditional decision trees, each called a Response Decision Tree--RDT; see, e.g., FIG. 10(a) and FIG. 10(b), as examples of RDT. Each decision tree maps an exceptional event into a decision on the responsive action that has to be taken, in order to, eventually, minimize the effect of the exceptional event. Based on its internal RDTs, the Exceptional Events Handler FPSM 405 determines the responsive action to be taken, as a response to the exceptional event. This decision on the response is then reported to the Mission Supervisor/Sequencer FPSM 401, and via FPSM 401, to the Global Planner/Coordinator FPSM 406, when the decision leads to a replanning, or plan modification activity. This decision on the response is also sent to the Memory and Data Base 409. Another function which is performed by the Exceptional Event Handler FPSM 405, is the generation of a combined response in the case when two or more exceptional events occur simultaneously. The response combination mechanism, and the associated FPSMs, are described with reference to FIG. 11 and FIG. 12, in the present invention.

A possible repertoire of responsive actions to abnormal events is:

a) no change at all, keep executing the current MM MP, no change of MM MS.

b) make a minor adjustment or modification in the current MM MP or a parameter thereof, no change of MM MS. Then, update the active plan memory and execute the MM MP. The minor adjustment and modification can be done by the exceptional event handler FPSM or by the planner FPSM depending upon the event.

c) transit the MM MS to another MM MS that is associated with the current MM MP, where the transition is not according to the nominal, regular, transition sequence. Then, execute the current MM MP while being at the new MM MS. The transition to another MM MS is done by the mission supervisor/sequencer FPSM.

d) select an alternative MM MP out of a bank of pre-planned MM MPs according to selection criteria. Then, update the active plan memory and execute the newly selected MM MP. A transition from the current MM MS to a new MM MS associated with the updated MM MP may be required. The MM MP selection is done by the exceptional event handler FPSM or by the mission supervisor/sequencer FPSM, depending upon the exceptional event.

e) select and combine pre-planned MM MPs, or pre-planned plan segments thereof, into a new combined MM MP. Then, update the active plan memory and execute the updated MM MP. A transition from the current MM MS, to a new MM MS, associated with the updated MM MP may be required. The plan combination is done by the planner FPSM.

f) re-plan an alternative MM MP or segments thereof. Then, update the active plan memory and execute the updated MM MP. A transition from the current MM MS to a new MM MS associated with the updated MM MP may be required. The re-planning is done by the planner FPSM.

g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical functioning, backup, device, or, activate other modules in the subsystem, which albeit being different than the inoperative device can functionally execute the same task; then continue according to the MM MP. A transition from the current MM MS to a new MM MS, within the current MM MP, may be required. The reconfiguration is done by the exceptional event handler FPSM.

h) select a crisis recovery MM MP, out of a bank of pre-stored crisis recovery MM MPs according to selection criteria; then update the database and execute the selected crisis recovery MM MP. A transition from the current MM MS to a new MM MS, associated with the updated MM MP, may be required. The MM MP selection is done by the exceptional event handler FPSM or by the mission supervisor/sequencer FPSM, depending upon the exceptional event. A modification to the pre-planned crisis recovery MM MP may be required and if so, the modification is done by the exceptional event handler FPSM or by the planner FPSM.

The same responsive actions apply, mutatis mutandis, to the SMs.

An example is now given, see FIG. 4(b), of the planning/replanning process which is performed by the Global Planner/Coordinator FPSM 406. In this example, the Mission and System Monitor FPSM 403 recognizes the occurrence of the exceptional event "SCHEDULE_LAG", see FIG. 10(a), while the AV is cruising to the target area, state 4 CRUISE 804 in FIG. 8. The Mission and System Monitor FPSM 403 reports on this exceptional situation to the Exceptional Event Handler FPSM 405, which then runs a Response Decision Tree--RDT, as described by FIG. 10(a). It is assumed, in the present example, that the AV engine is running in full RPM, therefore, according to FIG. 10(a), branch 1005, in FIG. 10(a), has to be followed. Thus, the response to be taken as a result of the exceptional event "SCHEDULE_LAG", is to replan the cruise route, 1006, and to continue the cruise flight, according to the updated plan. A report on the selected response is then issued to the Mission Supervisor/Sequencer FPSM 401, which, in turn, issues a Plan Command to the Planning Manager FPSM 413. The Plan Command includes data regarding: a) plan type, being in the present example CRUISE_PLAN. b) planning initialization and synchronization parameters, which in the present example are the geographical location of the origin waypoint WP A 430 in the updated cruise route, the geographical location of the terminal/destination waypoint WP B 431 in the updated cruise route, and time of the day, to arrive at WP A 430. c) time to complete the planning process. In the present example, the upper bound to the planning process time is given by the time difference between the current time and the arrival time to WP A 430. Following the Plan Command, the Planning Manager FPSM 413, determines the planning process parameters, such as: a) time to plan, b) whether to incorporate, or not, an optimization phase.
Based on that information, and according to the specific planning algorithm for cruise route planning, the Requirements Definition FPSM 414, defines the requirements and the data which is needed for that planning process.

In the present example, the defined requirements include: a) the geographical information such as coordinates of WP A 430 and WP B 431, b) the boundaries of the geographical area which is subject to the planning process, c) the resolution of the planning grid, namely, into how many grid cells the geographic area between the origin WP A 430, and the terminal WP B 431 should be divided. This geographic area is bound by four grid lines: 445 and 446 in one dimension, along the direction of travel 432, and 447 and 448, in the other dimension, perpendicular to the direction of travel. The four lines also determine the boundaries of the planning area, d) the weather conditions, e.g., winds, and barometric pressure in the bounded geographical area, e) definition of no-flight areas, for reasons of flight safety and/or hostile activities.

Upon completing the requirements definition, the Procedure Selector FPSM 415, selects and retrieves the Cruise Route Planning Procedure and the requested data for planning, from the Memory and Data Base FPSM 409. After the Cruise Route Planning Procedure, and the data for planning, is selected, it is sent from the Memory and Data Base 409, to the Plan Generator FPSM 416, for planning execution. Attention is now directed again to FIG. 4(b), which illustrates the cruise route planning process. The Cruise Route Planning Procedure, which is performed by the Plan Generator FPSM 416, utilizes a Dynamic Programming based algorithm to find the optimal cruise route, in terms of the shortest flying time. Namely, to find the cruise route which will bring the AV from geographical location WP A 430 to geographical location WP B 431 in the shortest time, under specified weather conditions. This specific algorithm has a single optimization criterion--minimize time. If desirable, the optimization process may be a multi-variable optimization process, which may be much more complex and more time consuming. Specifically, the algorithm uses a multi-step discrete and deterministic version of the Dynamic Programming algorithm. The planning space and the planning complexity are determined by the number N of the multi-stage sequential decision steps, and by the number L of possible decisions, or actions, at each decision step. The total number D of decisions in this case is given by: D = (N-2) * L * L + 2 * L. In the present example, see FIG. 4(b), N=4, L=3, hence, D=24.

The benefit of using a Dynamic Programming based planning algorithm is that it eliminates many non-optimal possibilities.

In the current example, FIG. 4(b), the need to examine a combinatorial tree of 3 * 9 * 9 * 3 (i.e. 729) possibilities is avoided. Instead, only 24 possibilities have to be examined, in a sequential process. In the current example, the planning parameters N and L determine the planning complexity, and the resulting planning time duration. As mentioned before, the geographical area which is spanned between WP A 430 and WP B 431, along the direction of travel 432, and between grid lines 447 and 448, across the direction of travel 432, is divided into smaller area cells by a cartesian grid; the dimensions of the grid cells are DX 434 and DY 435. A coarse grid division, namely, large DX 434 and DY 435 grid dimensions, leads to a less complex decision process, and hence, to a shorter planning time. A fine grid division, namely, smaller DX 434 and DY 435 grid dimensions, leads to a longer planning time, but also to a possibly better decision, or a better cruise route plan. The grid dimensions DX 434 and DY 435 may be equal to each other, or not. For the sake of simplicity, it is assumed that all the grid cells have the same area and dimensions, and that both DX and DY are not changed over the entire planning area. The number N of decision steps is determined by the distance R 433 between WP A 430 and WP B 431, and by the along track geographical cell dimension DX 434. R is also termed the planning grid length. N is given by: N=R/DX. In the present example, FIG. 4(b), N=4. The number L of possible decisions at each decision step is given by the distance R2 450 between lines 447 and 448, and by the across track grid dimension DY 435.

R2 is also termed the planning grid width. L is given by: ##EQU1## i.e. L=3.

The distance R 433 is given by the geographical location of the origin WP A 430 and the terminal WP B 431. The distance R2 is subject to the decision on the planning area, and it is also derived, among other factors, from the limitation on the admissible flight corridors. In the present example, each grid line intersection forms a candidate WP for the planned route. For example, the intersection 436 between grid line 447 and grid line 449 forms a potential WP C 436, at the geographical location of the intersection 436. In the same way, other potential WPs are defined. In the present example, the following potential WPs are defined: WP C 436, WP D 437, WP E 438, WP F 439, WP G 440, WP H 441, WP I 442, WP J 443, and WP K 444. The total number of potential WPs is thus nine (9), plus WP A 430 and WP B 431. If desirable, other arrangements of the WPs may be used.

The cruise route planning process is conducted in two phases: a) prediction of the flight time along each individual flight segment, between two WPs, b) selecting the optimal route for minimum travel time, between WP A 430 and WP B 431. In the first phase, the predicted flying time between every two neighboring WPs is calculated. In the present algorithm, it is not allowed to fly between two neighboring WPs which are located on the same grid line across the direction of flight 432. For example, the only allowed flight segments from WP C 436 are to: a) WP F 439, b) WP G 440, or c) WP H 441. It is, in the present example, not permitted to fly from WP C 436 to either WP D 437, or to WP E 438. However, these limitations are not necessarily imperative and may be eliminated if desirable, and in any case they do not limit the use of the algorithm.

In FIG. 4(b), each potential route segment connects two WPs, and it is represented by a directed arc from the tail (origin) WP toward the head (destination) WP. Each arc is labelled by a number which represents the predicted time of flight (in hours) between the two connected WPs. The predicted time of flight is a function of the geographical distance, the winds and other weather parameters, the engine RPM and other parameters. Accordingly, in this particular example, the predicted time of flight along the segments is: segment AC--1 hour, segment AD--2 hours, segment AE--3 hours, segment CF--2 hours, segment CG--4 hours, segment CH--3 hours, segment DF--1 hour, segment DG--2 hours, segment DH--3 hours, segment EF--3 hours, segment EG--1 hour, segment EH--3 hours, segment FI--2 hours, segment FJ--2 hours, segment FK--5 hours, segment GI--1 hour, segment GJ--4 hours, segment GK--4 hours, segment HI--4 hours, segment HJ--1 hour, segment HK--2 hours, segment IB--4 hours, segment JB--3 hours, segment KB--1 hour.

After the prediction of the flight time for each route segment is completed, the optimization process is initiated. The flight possibilities to each WP are examined, and the route which leads to the shortest time from WP A 430 to the WP is declared as the optimal route from WP A 430 to the said potential WP. It should be noted that in certain cases, the shortest route is not necessarily a unique route, and in some cases, more than one route may be performed in the same shortest time. In FIG. 4(b) the following are the optimal flying times from WP A 430 to the said WPs. In step 1, the optimal flight time to WP C 436, to WP D 437, and to WP E 438, is calculated. The optimal flying time from WP A 430 to WP C 436, along segment AC, is 1 hour. The optimal flying time from WP A 430 to WP D 437, along segment AD, is 2 hours. The optimal flying time from WP A 430 to WP E 438, along segment AE, is 3 hours. In step 2, the optimal flight time to WP F 439, to WP G 440, and to WP H 441, is calculated. The optimal flying time from WP A 430 to WP F 439, along segments AC and CF, or AD and DF, is 3 hours. The optimal flying time from WP A 430 to WP G 440, along segments AD and DG, or AE and EG, is 4 hours. The optimal flying time from WP A 430 to WP H 441, along segments AC and CH, is 4 hours. In step 3, the optimal flight time to WP I 442, to WP J 443, and to WP K 444, is calculated. The optimal flying time from WP A 430 to WP I 442, along segments AC and CF and FI, or AD and DF and FI, or AD and DG and GI, or AE and EG and GI, is 5 hours. The optimal flying time from WP A 430 to WP J 443, along segments AC and CF and FJ, or AD and DF and FJ, or AC and CH and HJ, is 4 hours. The optimal flying time from WP A 430 to WP K 444, along segments AC and CH and HK, is 6 hours. In step 4, the optimal flight time from WP A 430 to WP B 431 is calculated. The optimal flying time from WP A 430 to WP B 431, along segments AC and CH and HK and KB, is 7 hours. In the present example, the optimal route is unique. No other route is available with 7 hours (or less) of execution. Hence, the optimal route is composed of the segments which connect the following WPs: A--C--H--K--B.
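The second planning phase described above, carried through on the FIG. 4(b) segment times, as an added example that is not part of the patent text. The segment times are the ones listed in the text; the stage layout and the names `plan_route`, `optimal_routes` and `decision_count` are assumptions of this example.

```python
# Added example: staged, deterministic dynamic programming over the FIG. 4(b) grid.

# Predicted flight time in hours for each permitted segment (values from the text).
SEGMENT_HOURS = {
    ("A", "C"): 1, ("A", "D"): 2, ("A", "E"): 3,
    ("C", "F"): 2, ("C", "G"): 4, ("C", "H"): 3,
    ("D", "F"): 1, ("D", "G"): 2, ("D", "H"): 3,
    ("E", "F"): 3, ("E", "G"): 1, ("E", "H"): 3,
    ("F", "I"): 2, ("F", "J"): 2, ("F", "K"): 5,
    ("G", "I"): 1, ("G", "J"): 4, ("G", "K"): 4,
    ("H", "I"): 4, ("H", "J"): 1, ("H", "K"): 2,
    ("I", "B"): 4, ("J", "B"): 3, ("K", "B"): 1,
}

# WPs grouped by across-track grid line, ordered along the direction of travel.
# Flying between two WPs of the same stage is not permitted, as in the text.
STAGES = [["A"], ["C", "D", "E"], ["F", "G", "H"], ["I", "J", "K"], ["B"]]


def plan_route(stages, seg_hours):
    """Forward pass: shortest time from the origin to every WP.

    Returns (best, preds, examined):
      best     - WP -> shortest flying time from the origin, in hours
      preds    - WP -> all predecessor WPs that achieve that time (ties kept)
      examined - number of segments evaluated (the D of the text)
    """
    origin = stages[0][0]
    best = {origin: 0}
    preds = {origin: []}
    examined = 0
    for prev_stage, stage in zip(stages, stages[1:]):
        for wp in stage:
            candidates = []
            for tail in prev_stage:
                # Skip segments that are absent (e.g. removed for a no-flight
                # area) and tails that could not be reached at all.
                if (tail, wp) not in seg_hours or tail not in best:
                    continue
                examined += 1
                candidates.append((best[tail] + seg_hours[(tail, wp)], tail))
            if not candidates:
                continue  # this WP is unreachable; leave it out of `best`
            shortest = min(hours for hours, _ in candidates)
            best[wp] = shortest
            preds[wp] = [tail for hours, tail in candidates if hours == shortest]
    return best, preds, examined


def optimal_routes(preds, origin, terminal):
    """Backward pass: every route that reaches `terminal` in the shortest time."""
    if terminal == origin:
        return [[origin]]
    routes = []
    for tail in preds.get(terminal, []):
        for route in optimal_routes(preds, origin, tail):
            routes.append(route + [terminal])
    return routes


def decision_count(n_steps, n_choices):
    """D = (N-2) * L * L + 2 * L, the formula given in the text."""
    return (n_steps - 2) * n_choices * n_choices + 2 * n_choices


if __name__ == "__main__":
    best, preds, examined = plan_route(STAGES, SEGMENT_HOURS)
    print("segments examined:", examined)
    for wp in "CDEFGHIJKB":
        print(wp, best[wp], optimal_routes(preds, "A", wp))
```

With the listed segment times the forward pass gives 5 hours to WP J (via F or H); the other per-WP times, the 24 evaluated segments and the unique 7-hour route A--C--H--K--B agree with the text.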

After completion, the optimal route plan is transmitted to the Memory and Data Base FPSM 409. A report on plan completion is transmitted by the Planning Manager FPSM 413 to the Mission Supervisor/Sequencer FPSM 401. Then, when this plan becomes the active plan, the plan is delivered to the Active Plan Memory FPSM 410. The flight plan, being defined functionally in terms of segments which connect said WPs, will then be processed in level two by the Flight Manager into a detailed trajectory plan specifying inter alia the trajectory flight velocities, turning radius, rate of climbing and descending, timing considerations and others.

If the time allowed for route planning is long, an additional optimization process may be used, where the geographic area is divided into smaller grid cells, and where the route planning gives a finer plan, at the cost of longer planning time.

The planning procedure that was described in the foregoing applies, mutatis mutandis, to planning procedures other than finding the optimal route, and obviously, for different purposes when other applications are concerned. It should be further noted that the planning procedure that was described with reference to FIG. 4b is not bound by a particular planning technique and other techniques, as specified above, may be utilized for realizing the planner module.

Attention is now directed to FIG. 5 which describes in a diagrammatic way the generic functional architecture of the System Manager FPMs in FIG. 2 (and in FIG. 3). In the present embodiment, the following System Manager FPMs have a functional architecture which is based on the generic functional architecture, as described in FIG. 5: a) Flight Manager FPM 202, b) Navigation Manager FPM 203, c) Sensor Manager FPM 204, and d) Payload Manager FPM 205. If desirable, other FPMs may be based on the generic functional architecture.

A System Manager FPM, which is based on the generic architecture, comprises, mainly, the following Functional Processing Sub-Modules FPSMs: a) System Supervisor/Sequencer FPSM 501. b) Sub-system Coordinator FPSM 502. c) Data Processing/Local Planner FPSM 503. d) Memory and Data Base 504. e) Active Plan Memory 505. f) System Monitor FPSM 506. g) Exceptional Event Handler FPSM 507. h) Data Organizer FPSM 508. i) Communication/Interface 509. The Communication/Interface FPSM 509 provides data transfer means to and from the Global Bus and the Data Bus, designated collectively as 510, FIG. 2. All the data transmission and communication with other modules of the AMC are performed via unit 509. The Data Organizer FPSM 508 functions are protocol management, data organization and data dispatching.

As specified in the foregoing, while in the Pre-Mission mission state 801, see FIG. 8, the Mission Plan MP, sub-systems System Operation Plans--SOPs, and the associated data, are downloaded to the AMC Global Memory and Data Base 208, FIG. 2. If desired, the data can be allocated to other memory units. The relevant parts thereof, i.e. being SOPs broken down by System Managers, e.g. SOP for flight manager, SOP for sensing manager etc., are downloaded to the Memory and Data Base FPSM 504.

Put differently, a nominal detailed design is a priori loaded to the SM of level 2, for use when it receives a proper command from the coordinator 402 of the MM (i.e. the functional task and the associated parameters and constraints that are associated to said pre-stored SOP). The Memory and Data Base FPSM 504 has three functional areas: a) long-term, inerasible memory which stores data that is not changed from mission to mission, e.g., system manager programs and data which is related to the AV and to its subsystems per se. b) mission memory which stores data that is specific to the current mission and to the SM. This data is downloaded via data link 218, in the Pre-Mission mission state, prior to launch or take-off. c) dynamic memory which stores data which is related to the sub-system, and which is gathered throughout the mission, or data which has to be stored temporarily, during the execution of the task. Data which is stored in the long-term, inerasible memory is related to the specific sub-system which is managed by the relevant System Manager, e.g., system manager program, control and guidance parameters, navigation error models and parameters, sensor models and parameters, models of threats and countermeasures, parameters of sensor system. If desirable, further types of data may be added or deleted.

Data which is stored in the mission memory, which is prepared prior to the specific mission, includes: System Operation Plan--SOP for the subsystem which is managed by the system manager (assuming the embodiment where nominal pre-planned SOPs are a priori stored in level 2), kinematic models of tactical ballistic missiles--for the Sensor Manager FPM 204, threat and intelligence maps, e.g. sites of surface-to-air missile batteries, weather conditions information, e.g., maps of wind conditions and maps of visibility conditions, cartographic data, e.g., Digital Terrain Elevation Data (DTED), air photos, GPS Almanac--for the Navigation Manager FPM 203. If desired, further information may be added to, or deleted from, the mission memory.

Data which is stored in the dynamic memory may include: sensor measurement readings, target track file, dynamic location of recognized threats, gathered intelligence information, estimated target trajectory, record of AV mission execution parameters for post-mission analysis, telemetry information, record of sub-systems operational parameters, again broken down by the SMs under consideration. If desired, other data may be stored, or deleted. Data and models are transmitted from the Memory and Data Base FPSM 504 to the following FPSMs: a) System Supervisor Sequencer FPSM 501. b) data and models to Data Processing/Local Planner FPSM 503, to System Monitor FPSM 506, and to Exceptional Event Handler FPSM 507. c) Active Plan to be executed, to Active Plan Memory 505. d) data to other AMC modules, via 511 and modules 508, 509 and 510.

From the Pre-Mission state, and throughout the execution of the entire mission sequence, the System Supervisor/Sequencer FPSM 501 manages the system task and operation sequence according to: a) the SOP, which determines, inter alia, the task/sub-system phases/states, and their conditional directed connectivity. b) information on the task execution status and sub-system status which is received from the System Monitor FPSM 506. c) information on decisions and instructions regarding the response to exceptional events which is provided by Exceptional Event Handler FPSM 507. While being in a certain phase/state, the System Supervisor/Sequencer FPSM 501 checks, continuously, if the transition conditions to another phase/state are met and once these conditions are met, the System Supervisor/Sequencer FPSM 501 transits the task/sub-system phase/state to another phase/state, and reports the new task/sub-system phase/state, as well as timing information, to the Active Plan Memory FPSM 505, to the System Monitor FPSM 506, and to the Data Processing/Local Planner FPSM 503, as part of the Plan/Process Command data. The System Supervisor/Sequencer FPSM 501 manages the retrieval and distribution of data from the Memory and Data Base unit 504 to the users, i.e. modules 505, 506 and 507. The active plan (i.e. SOP or segment thereof), which is the operative plan to be executed during the current task/subsystem phase/state by the subordinate subsystem, is transmitted from the Memory and Data Base unit 504 to the Active Plan Memory 505, which maintains the updated system operation plan. If desirable, the System Operation Plan--SOP which is executed may be updated by the Data Processing/Local Planner FPSM 503. A plan segment is sent to the Sub-System Coordinator FPSM 502, which then issues synchronized instructions and commands to the subordinate sub-system.

The synchronized instructions and commands are delivered to the sub-systems via 511, and modules 508, 509 and 510. In case that a replanning or operation plan modification is required, or a data processing action is required, the System Supervisor/Sequencer FPSM 501 sends a Plan/Process Command to the Data Processing/Local Planner FPSM 503, to perform a plan replanning, or a data processing task. If desirable, a complete planning process of the System Operating Plan--SOP may be executed by FPSM 503. The Plan/Process Command includes data regarding: a) plan or process type. b) local planning or processing, initialization and synchronization examples of RDT. c) time to complete the local planning or the data processing task. Further data may be included in the Plan/Process Command, if desirable. Each of the System Managers operates several planning procedures, each for a different planning task.

For example, the Data Processing/Local Planner FPSM 503 of the Flight Manager FPM 202 may employ procedures for cruise route planning, fast cruise route planning, trajectory planning, and scheduling planning. Further planning procedures may be employed as desirable.

Likewise, the Data Processing/Local Planner FPSM 503 of the Sensor Manager FPM 204 may employ procedures for search planning, tracking planning, and further planning procedures, as desirable.

Preferably, the Data Processing/Local Planner FPSM 503 may execute several local planning procedures concurrently, and use a variety of data processing, and planning and optimization techniques.

Some of the data processing procedures are based on digital filtering techniques and Fast Fourier Transforms, see: Rabiner L. R., Gold B., (1975), "Theory and Application of Digital Signal Processing", Prentice-Hall, N.J., USA, 1975. Other data processing, estimation, and detection techniques, e.g., correlation functions, Kalman-filter, may be used. See: Barkat M., (1991), "Signal Detection and Estimation", Artech House, Mass., USA, 1991. Some of the planning and optimization techniques are based on Dynamic Programming optimization methods, see: a) Bertsekas D. P. (1987), "Dynamic Programming--Deterministic and Stochastic Models", Prentice-Hall, N.J., USA, 1987, and, b) Bellman R., (1961), "Adaptive Control Processes--A guided Tour", Princeton University Press, N.J., USA, 1961. Some procedures use A* type optimal search algorithms, see: Barr A., Feigenbaum E. A., (1981), "The Handbook of Artificial Intelligence", William Kaufmann Inc., USA, 1981. Other planning and simulation techniques and methods may be used, as described in the foregoing with reference to the global planner/coordinator 406.

According to the task schedule, the operation plan, which is to become the active operation plan, is loaded from the Memory and Data Base 504 to the Active Plan Memory 505, and thereafter, plan segments are loaded to the Sub-System Coordinator FPSM 502. The latter will assign the SOP segment at the proper timing to its subordinated subsystem.

Information regarding sub-systems status, and task execution status, events, as well as various relevant variables, e.g., fuel consumption rate, navigation data, and further data as required, is continuously transferred to the System Manager under consideration, from the subordinated sub-system via the buses 510, and the units 508 and 509, respectively. This data is then delivered to the System Monitor FPSM 506, and to the Exceptional Events Handler FPSM 507. Based on this information, further processing is conducted by the System Monitor FPSM 506, using computing means, to determine the task and the sub-system status, and to recognize the occurrence of exceptional events, which are under the responsibility of the said System Manager. The report on task status is delivered to the System Supervisor/Sequencer FPSM 501, and the latter, after duly processing it, delivers it, or a portion thereof, to the Mission Manager FPM 201. The occurrence of an exceptional event is reported to the Exceptional Events Handler FPSM 507, and to the System Supervisor/Sequencer FPSM 501.

Similar to the Exceptional Events Handler FPSM 405 of the MM, also the Exceptional Events Handler FPSM 507 maintains local decision maps which are in the form of conditional decision trees, each called a Response Decision Tree--RDT, of the kind shown in FIG. 10(a) and FIG. 10(b), but which in departure from the FPSM 405 are confined to local issues of the subordinate subsystem which, as a rule, concern particular aspects of the mission execution rather than generic ones.

Each decision tree maps an exceptional event in the responsibility of the said System Manager into a decision on the responsive action that has to be taken, in order to, eventually, minimize the effect of the exceptional event. Based on its internal RDTs, the Exceptional Events Handler FPSM 507 determines the action to be taken, as a response to the exceptional event. This decision on the response is then reported to the System Supervisor/Sequencer FPSM 501, and via FPSM 501, to the Data Processing/Local Planner FPSM 503, when the decision leads to a replanning, or data processing activity. This decision on the response is also sent to the Memory and Data Base 504. If desirable, the decision on responsive action is also reported to the Mission Manager 201. Another function which is performed by the Exceptional Event Handler FPSM 507 is the generation of a local combined response in the case when two or more exceptional events occur simultaneously. The response combination mechanism, and the associated FPSMs, are described with reference to FIG. 11 and FIG. 12, in the present invention.

FIG. 6 describes the main elements of information flow within an AV AMC 300, between the Mission Manager FPM 301 and the six (6) System Manager FPMs, numbered 302 through 307 in FIG. 3. Also described in FIG. 6 are the information flow elements between the Mission Manager FPM 301, and the MPS 105 and the ATE 108. It should be noted, however, that the information flow between the Mission Manager FPM 301 and the MPS 105, and between the Mission Manager FPM 301 and the ATE 108, exists only in the pre-mission phase.

The Mission Manager 301 sends the following information elements to the System Manager FPMs:

a) to Mobility Manager 302: Route plan defined in functional manner, mobility/transportation mode, mobility data, mission state.

b) to Navigation Manager 303: initialization command, initialization data, navigation mode, Navigation plan defined in a functional manner, mission state.

c) to Sensor Manager 304: Sensing Plan defined in functional manner, and parameters, sensing mode, sensor operation commands, mission state.

d) to Payload Manager 305: payload operational plan defined in a functional manner, payload operation commands, payload operation parameters, mission state.

e) to Communication Manager 306: communication plan defined in a functional manner, communication system operation command, transmission out, mission state.

f) to Auxiliary Manager--307: auxiliary systems operation plan defined in functional manner, auxiliary systems operation mode, auxiliary systems operation command, mission state.

g) to Mission Planning System MPS 105 (at pre-mission phase): acknowledgement on receiving data.

h) to Automatic Test Equipment--ATE 108 (at pre-mission phase): test results.

It should be commented that, apart from the pertinent functional task, the additional data sent from level 1 to level 2 constitutes said parameters and constraints which are necessary for processing the functional task into a detailed plan.

If desirable, other elements of information may be sent from the Mission Manager 301 to the System Manager FPMs.

The Mission Manager 301 receives the following information elements from the System Manager FPMs: a) from Mobility Manager 302: Trajectory/mobility plan execution status, mobility systems status. b) from Navigation Manager 303: navigation plan execution status, navigation data, navigation systems operative and health status. c) from Sensor Manager 304: sensing plan execution status, sensor object data, i.e. high level data resulting from the sensor data processing, assimilation, fusion and abstraction; sensor status. d) from Payload Manager 305: payload status, data which is gathered and/or processed by the payload, acknowledgement, payload plan execution status. e) from Communication Manager 306: transmission in, communication system status. f) from Auxiliary Systems Manager 307: execution status, auxiliary systems status. g) from Mission Planning System MPS 105 (at pre-mission phase): mission plan, mission data bases. h) from Automatic Test Equipment--ATE 108 (at pre-mission phase): test procedures. If desirable, other elements of information may be sent to the Mission Manager 301 from the System Manager FPMs.

FIG. 7 illustrates in a schematic way the functional interrelations between the Mission Manager 700 (201 in FIG. 2 and 301 in FIG. 3), the Flight Manager FPM 720 (202 in FIG. 2), and the Guidance, Navigation and Control (GN&C) functions 780 in an AV. Thus, FIG. 7 provides an extended and focused view on the flight component of the AV mission, and the AV's AMC, a view which is more familiar to experts in guidance, navigation and control systems and technology, respectively. MPS 105 is the Mission Planning System, DTU 106 is the Data Transfer Unit. The Launcher 710 may be any platform or device which supports the launch, or take-off, of the AV. The Mission Manager 700 (201 in FIG. 2, 301 in FIG. 3) is shown here with only some of its FPSMs, for reasons of clarity. Actually, the MM 700 constitutes level 1 (101 in FIGS. 1, 2, 3) of the hierarchy. Level 2 (102 in FIGS. 1, 2, 3) of the hierarchy is composed of the Flight Manager 720 (202 in FIG. 2), which is also not completely detailed in FIG. 7, along with the other System Manager FPMs, collectively designated as 730. The Sensor sub-system 750 (214 in FIG. 2, 314 in FIG. 3), the G, N&C sub-systems, collectively designated 780, and the other AV's sub-systems, collectively designated 740, constitute level 3 (103 in FIGS. 1, 2, 3) of the hierarchy.

Prior to AV launch, or take-off, the Mission Planning System--MPS 105 produces the Mission Plan--MP, and the related Data Base DB, which is then downloaded to the Data Transfer Unit 106, and via the Data Link 107, it is downloaded to the AV AMC 200.

Upon receiving a mission order 104 (or an Air Mission Order--AMO) from the relevant authority, a mission planning process is conducted by the Mission Planning System--MPS 105. The MPS 105 may be either a ground based system, or installed on a platform, such as an aircraft, a ship, or any other platform, hereinafter termed the launcher 710. The planning process in the MPS 105 is preferably automatic. However, this planning process is supervised and guided, checked and approved, by a human operator. Upon completion of the planning process and the plan validation, the Mission Plan--MP, which includes, as internal plans, the nominal pre-planned Trajectory Plan--TP and the nominal pre-planned Systems Operation Plans--SOP for the AV's subsystems, and the associated Data Bases--DB, are stored in the MPS 105, or in the Data Transfer Unit--DTU 106, ready to be downloaded to the AV.

When the AV is tested and approved for a mission, and the AV AMC 200 is ready to receive data, the MP (including the pre-planned nominal TP and SOP) and the associated DB are downloaded from the DTU 106 via a data transmission link 107, which may be a serial link, e.g., a standard RS-422 data link, to the AMC's Mission Plan and Data Base memory and Editor Functional Processing Sub-Module (FPSM) 701, which is one of the sub-modules that constitute the Mission Manager 700 (201 in FIG. 2, 301 in FIG. 3). If desirable, other means for data transfer from the MPS 105 to the Mission Plan and DB Memory and Editor 701 may be used. If the time allowed from receiving the mission command to AV take-off, or launch, is too short, or in case that the MPS 105 has failed, or no MPS operator is available to operate the MPS 105 and to conduct the mission planning process, the entire mission planning process may be performed, in-flight, by the AMC's Planner/Coordinator FPSM 704, after AV take-off, or launch, and the SOPs planned by the SMs' local planners.

Prior to launch, or take-off, a Mission Plan may be selected out of a bank of alternative mission plans, which were planned by the MPS 105, and then stored in the unit 701. Furthermore, a plan may be edited and modified, while stored in the Mission Plan & DB and Editor FPSM 701, up to the very last minute, prior to AV launch, or take-off. Plan selection and editing is performed by the AV operator or planning personnel, onboard the launcher 710, or in its vicinity. During the plan selection and plan edit operation, the Mission Plan & DB and Editor FPSM 701 may send data to the launcher 710, for indicating and displaying various parameters and graphical data which represent the Mission Plan, and further factors, as desired, to the AV mission planner or operator. The Mission Plan & DB and Editor FPSM 701 maintains the modified Mission Plan, and sends the relevant mission data to the Mission Supervisor/Sequencer FPSM 702 and to the Planner/Coordinator FPSM 704.

Prior to launch, the Mission Supervisor/Sequencer FPSM 702 sends reports to the launcher 710, indicating if the launch conditions are met. The reports are based on information which is received from the Mission and System Monitor FPSM 703. When the launch conditions are met, a launch command is issued and sent from the launcher 710 to the Mission Supervisor/Sequencer FPSM 702. Upon receiving the launch command from the launcher 710, the Mission Supervisor/Sequencer FPSM 702 takes full authority on the AV, transits the system phase/state to "LAUNCH" and reports the new phase/state to the Planner/Coordinator FPSM 704. The Planner/Coordinator FPSM 704 sends the appropriate commands to the System Manager FPMs 720 and 730, which then send the commands to those parts of sub-systems 740 and 780 which are involved in the launch operation. If desirable, a man-in-the-loop mode of operation may be employed in the take-off and landing phases. In such mode of operation, the human operator overrides the AMC in that particular phase.

During the execution of the mission, the Mission Supervisor/Sequencer FPSM 702 manages the mission sequence according to: a) the MM MP, which determines, inter alia, the mission phases/states, and their conditional directed connectivity, b) information on the mission execution status and systems status which is received from the Mission and System Monitor FPSM 703, c) information on decisions and instructions regarding the response to exceptional events. This data is provided by Exceptional Event Handler FPSM 705. While being in a certain phase/state, the Mission Supervisor/Sequencer FPSM 702 checks, continuously, if the transition conditions to another phase/state are met. Once these conditions are met, the Mission Supervisor/Sequencer FPSM 702 transits the mission phase/state to another phase/state, and reports the new mission phase/state to the Planner/Coordinator FPSM 704.

The Planner/Coordinator FPSM 704 maintains the relevant segment of the MM Mission Plan, whereas the pertinent SOPs of the AV sub-systems are maintained by the local planners of SMs 720 and 730, respectively. This FPSM adjusts and updates, or replans, the global plans, as requested by the Exceptional Events Handler FPSM 705. The Planner/Coordinator FPSM 704 receives information on the mission phase/state from the Mission Supervisor/Sequencer FPSM 702. Based on this information, the Planner/Coordinator FPSM 704 sends the relevant segments of the operation plans, operation commands, operation mode instructions, and synchronization messages to the System Manager FPMs 730, i.e. the functional tasks and their associated parameters and constraints (which, as specified, inherently include scheduling constraints).

Each of the System Manager FPMs 730 processes the data which is received from the Planner/Coordinator FPSM 704, and the data and status information which is fed back from the AV sub-systems 740, and generates and sends commands, instructions about the operation mode, and operational parameters to its subordinate execution sub-systems 740.

Each of the execution sub-systems 740, which constitute level 3 103, sends processed data, as well as information about task execution status and systems health status, to its superior System Manager FPM. This information is further processed by the related System Manager FPM. System Manager FPMs 730, and Flight Manager FPM 720, send information related to plan execution status, system health status, and detected or recognized events to the Mission & System Monitor FPSM 703, which is one of the sub-modules in the Mission Manager FPM 700. Based on this information, further processing is conducted by the Mission & System Monitor FPSM 703, using computing means, to determine the system status, and to recognize the occurrence of exceptional events. The report on mission status is delivered to the Mission Supervisor/Sequencer FPSM 702, where the occurrence of an exceptional event is reported to the Exceptional Events Handler FPSM 705.

The Exceptional Events Handler FPSM 705 maintains decision maps which are in the form of conditional decision trees, each called a Response Decision Tree--RDT. Each decision tree maps an exceptional event into a decision on the responsive action that has to be taken in order to minimize the effect of the exceptional event. Based on its internal decision maps, the Exceptional Events Handler FPSM 705 determines the responsive action to be taken. This decision on the response is sent to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.

Attention is now given to those modules in FIG. 7 which are related to the flight, guidance, navigation, and control functions.

In the present invention, the AV is considered to employ two guidance modes, alternatively: a) Trajectory Guidance Mode, b) Cue-Driven Guidance Mode. If desired, other guidance modes may be employed, e.g., "follow the camera", where the camera is steered by a man-in-the-loop.

In a Trajectory Guidance Mode, a reference trajectory, which is generated by the Trajectory Planner and Generator FPSM 722 on the basis of the route plan segment assigned thereto by the MM (which, as recalled, defines a flight route in functional terms, i.e. an ordered sequence of WPs to visit and timing data), is fed as the input signal 761 to the Guidance FPSM 762. There are several approaches to defining a reference trajectory for the Guidance FPSM 762. Possible approaches are, e.g., to define a leg between two waypoints, namely, to define flight direction, flight altitude, and flight speed; or to define a waypoint to go to; or to define the trajectory to be tracked by moving a "virtual target"; or to define a climbing rate/slope. Other approaches to the definition of a reference trajectory may be employed, if desirable. In this mode, also termed "instrumented flight", the Guidance FPSM 762 employs trajectory tracking guidance algorithms, which generate, by computing means, the required steering commands 763 to the Autopilot FPSM 764. There are several types of trajectory tracking guidance algorithms, which are known to those skilled in the art. The input information to the guidance algorithm which generates the steering commands includes: the reference trajectory, the guidance mode and guidance law parameters 760, and the current navigation data which is transmitted from the Navigation System 770.

In a Cue-Driven Guidance Mode, the information about the Line-Of-Sight--LOS angles and angular rate data and, if desirable, the location or the location error of the object within the sensor detection plane, is fed from the Sensor 750, as the input signal 761, to the Guidance FPSM 762. In this mode, the driving signal to the Guidance System 762 comes from the Sensor 750, and not from the Trajectory Planner and Generator FPSM 722. In this mode, the sensor tracks an object, either a target, or a terrain feature, or any other object which is of interest, either as a mission goal or as a supportive means, e.g., for optical navigation update. In this guidance mode, the AV flight is slaved to the signals from the Sensor 750. In the case of Cue-Driven Guidance, the Guidance FPSM 762 may use a well known guidance law, e.g. Proportional Navigation Guidance or Pursuit Guidance, or any other guidance law, as desirable. As instructed by the Mission Supervisor/Sequencer FPSM 702, the Flight Logic Module 721 may switch between the two guidance modes. According to the guidance law employed, and to the input information, the Guidance FPSM 762 generates and sends the steering commands 763 to the Autopilot 764. The Autopilot 764 uses control laws, well known to experts in the art, to compute the desired servo commands 765 to the Servo controller 766 of the engine throttle and of the fins, i.e., the aerodynamic steering surfaces. The Servo controller works in a closed loop mode to generate the controlled electrical voltage, or current, 767, which is then fed to the fin actuators and engine throttle, collectively designated as 768. A servo loop 771 provides closed-loop control of the fins and of the engine throttle. The state of the fins and the engine affects the dynamic behavior of the AV, as represented by the AV dynamic mathematical model 769. The AV motion is sensed by instruments of the Navigation System 770, which also computes the AV location. Information from the Navigation System 770 is fed back to the Autopilot 764, and thus provides a closed-loop flight control loop 772. Information from the Navigation System 770 is also fed back to the Guidance FPSM 762, and thus provides a closed-loop guidance loop 773, which is the outermost loop of the G, N & C functions 780.

FIG. 8 illustrates the mission level state graph, which is the highest level state graph of the AV, and which establishes the highest level of the MP hierarchy. In the present example, the AV mission state graph 800 consists of twelve (12) states, two of which are terminating states. The states are: a) State 1, 801--"PRE-MISSION". b) State 2, 802--"LAUNCH/TAKE-OFF". c) State 3, 803--"CLIMB". d) State 4, 804--"CRUISE". e) State 5, 805--"PATROL/SEARCH". f) State 6, 806--"TARGET VALIDATION/WEAPON-TO-TARGET-ASSIGNMENT (WTA)". g) State 7, 807--"MISSILE LAUNCH". h) State 8, 808--"CRUISE TO BASE". i) State 9, 809--"DESCEND". j) State 10, 810--"LANDING". k) State 11, 811--"AV ABANDONED". l) State 12, 812--"SELF-DESTRUCTION". The interceptor missile which is launched from the AV, upon target detection and validation, has a four-state mission state graph 830: a) "LAUNCH", b) "MIDCOURSE", c) "TERMINAL HOMING" and d) "DETONATE" on target, which in this particular embodiment are not governed by the decision unit of the invention.

Attention is now given to the AV state graph 800. State 1, 801, is the "PRE-MISSION" state, which takes place prior to launch, or take-off. The main activities which take place while the AV is in state 1, 801, are: a) AV systems preparation, including fueling, installation of interceptor missiles, and maintenance procedures, b) performing BIT and other test, calibration, and alignment procedures, as required, c) downloading the MM MP and its subordinated nominal pre-planned SOPs as well as the pertinent database. If desirable, further actions may be performed. When all the pre-mission procedures and tests have been completed successfully, the AV is declared "AV READY", arrow 813. If the AV fails to meet the tests, it is declared "BIT FAILED", arrow 826, and the mission state transitions to the terminal mission state 11, 811, "AV ABANDONED". Here "declared" means declared internally. In this case all the preparations for launch or take-off are stopped. When the AV has been declared "AV READY", arrow 813, and a "LAUNCH COMMAND", arrow 814, is issued by an authorized agent, the mission state transitions, arrow 815, to state 2, 802, "LAUNCH/TAKE-OFF". If only one of the two conditions is logical "TRUE", or both conditions are logical "FALSE", no transition to state 2, 802, takes place, and the mission state remains state 1. While in state 2, 802, the AV is launched, or takes off. Take-off may be performed either automatically, or manually, in a remotely controlled man-in-the-loop mode. If a critical failure occurs while the AV is in any one of the mission states, state 2, 802, through state 9, 809, a "CRITICAL FAILURE" condition, arrow 827, is declared, and the mission state transitions to the terminal mission state 12, 812, the "SELF-DESTRUCTION" state. If desirable, for reasons of safety, the AV is not self-destructed, particularly in state 2, 802, and in state 9, 809.

Upon the completion of a successful launch/take-off, arrow 816, "LAUNCH SUCCEED", the AV mission state transitions to state 3, 803, "CLIMB". While in the "CLIMB" state, 803, the AV climbs, usually with level wings (zero roll angle) and with a pre-determined fixed climb rate, or fixed trajectory angle. This state is terminated when the AV arrives at the desired cruise altitude. Then, a "CRUISE ALTITUDE" condition 817 is declared, and the mission state transitions to state 4, 804, "CRUISE". While in state 4, 804, the AV flies along the nominal, or the updated, route. Usually, the route is represented by a series of Way-Points, WP, the geographic locations of which are determined. The WPs are interconnected by straight lines, termed "legs". Using the reference trajectory as an input, see FIG. 7, and the current location, estimated by the Navigation sub-system 770, the Guidance FPSM 762 generates steering commands 763 according to the trajectory tracking guidance law, so that the desired route, as represented by the reference trajectory, is executed.

When the AV arrives at the last planned cruise WP, which may also be the first WP of the Patrol Route, a "DESTINATION APPROACH" condition 818 is declared, and the mission state transitions to state 5, 805, "PATROL/SEARCH". While in state 5, 805, the AV travels along the Patrol Route, the pattern of which is optimized for efficient coverage of the search space, or the suspected launching area.

During the flight, the Sensor sub-system 214 is operated in a search mode, searching for tactical ballistic missiles in their boost phase. If no target is detected, the AV stays on the Patrol Route, searching for targets. If the AV fuel level is approaching the level of safe return to base, or a non-critical failure occurs, the mission state transitions, arrow 820, to state 8, 808, "CRUISE TO BASE", and the AV leaves the patrol/search area.

If desirable, other factors may lead to leaving state 5, 805, as well. If a target is detected, a "TARGET DETECTED" condition 819 is declared, and the mission state transitions to mission state 6, 806, "TARGET VALIDATION/WPA". The AV keeps flying along the patrolling route, while the Sensor sub-system 214 performs target tracking, either in a full tracking mode or in a Track-While-Scan mode, and parameter estimation, for target validation/rejection. This process may, if desirable, incorporate data which is transmitted from other cooperating AVs. If the target is a valid target, a WPA process is initiated, resulting in assigning an interceptor missile to the tracked target. For the sake of clarity, it is assumed that the assigned missile is onboard the AV under discussion. When a target is validated, and an interceptor missile is assigned, arrow 821, the mission state transitions to state 7, 807, "MISSILE LAUNCH".

While in state 7, 807, when launching conditions are met, an interceptor missile is launched from the AV. The missile has four main states, collectively designated 830: Launch state, Midcourse state, Terminal Homing state, and Detonate state. If the target validation process fails, condition "NO VALID TARGET" 828 is declared and the mission state is turned back to mission state 5 (805), i.e. "PATROL/SEARCH".

After launching the missile, if the AV has more missiles onboard, condition "MORE MISSILES" 823 exists, and the mission state is turned back to mission state 5, 805, "PATROL/SEARCH", in which the AV keeps patrolling along the Patrol Route, searching for a new target. If no more missiles are onboard, condition "NO MISSILES" 822 exists, and the mission state transitions to state 8, 808, "CRUISE TO BASE". While the AV is cruising to the base, the operation of the AV systems is very similar to the associated operation while the AV is in mission state 4, 804, "CRUISE". Again, the route may be represented as a series of interconnected WPs, or the route heads directly to home base.

The cruise altitude of the AV while in state 8, 808, may be different from the cruise altitude in state 4, 804, as desirable. When the AV approaches the base, an "APPROACH BASE" condition 824 is declared, and the AV enters a descend phase, entering mission state 9, 809, "DESCEND". Upon approaching the runway, condition "APPROACH RUNWAY" 825 is declared, and the mission state transitions to state 10, 810, "LANDING". While in state 10, 810, the AV performs landing and runway travelling, until a full stop is achieved. The landing operation may be done manually, by a remote man-in-the-loop operator. This is the final state of the AV in the present invention.
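The state graph 800 described above can be written as a transition table that only moves when every condition of a guard holds, so a lone "LAUNCH COMMAND" or an undefined event leaves the state unchanged. The sketch below is an added example, not code from the patent; the condition names are invented labels for the quoted conditions, the launch command is assumed to have been authenticated before it reaches the table, and taking "NO VALID TARGET" from state 6 (where validation runs) is an assumption.

```python
from enum import Enum


class State(Enum):
    PRE_MISSION = 1
    LAUNCH_TAKE_OFF = 2
    CLIMB = 3
    CRUISE = 4
    PATROL_SEARCH = 5
    TARGET_VALIDATION = 6
    MISSILE_LAUNCH = 7
    CRUISE_TO_BASE = 8
    DESCEND = 9
    LANDING = 10
    AV_ABANDONED = 11       # terminating state
    SELF_DESTRUCTION = 12   # terminating state


S = State

# state -> ordered guards: (conditions that must ALL hold, next state, FIG. 8 arrow)
TRANSITIONS = {
    S.PRE_MISSION: [({"BIT_FAILED"}, S.AV_ABANDONED, 826),
                    ({"AV_READY", "LAUNCH_COMMAND"}, S.LAUNCH_TAKE_OFF, 815)],
    S.LAUNCH_TAKE_OFF: [({"LAUNCH_SUCCEED"}, S.CLIMB, 816)],
    S.CLIMB: [({"CRUISE_ALTITUDE"}, S.CRUISE, 817)],
    S.CRUISE: [({"DESTINATION_APPROACH"}, S.PATROL_SEARCH, 818)],
    S.PATROL_SEARCH: [({"FUEL_AT_RETURN_LEVEL"}, S.CRUISE_TO_BASE, 820),
                      ({"NON_CRITICAL_FAILURE"}, S.CRUISE_TO_BASE, 820),
                      ({"TARGET_DETECTED"}, S.TARGET_VALIDATION, 819)],
    S.TARGET_VALIDATION: [({"TARGET_VALIDATED", "MISSILE_ASSIGNED"}, S.MISSILE_LAUNCH, 821),
                          ({"NO_VALID_TARGET"}, S.PATROL_SEARCH, 828)],  # assumed source state
    S.MISSILE_LAUNCH: [({"MORE_MISSILES"}, S.PATROL_SEARCH, 823),
                       ({"NO_MISSILES"}, S.CRUISE_TO_BASE, 822)],
    S.CRUISE_TO_BASE: [({"APPROACH_BASE"}, S.DESCEND, 824)],
    S.DESCEND: [({"APPROACH_RUNWAY"}, S.LANDING, 825)],
    # LANDING, AV_ABANDONED and SELF_DESTRUCTION have no outgoing arrows.
}

# "CRITICAL FAILURE" (arrow 827) applies in states 2 through 9 only.
CRITICAL_SCOPE = {s for s in State if 2 <= s.value <= 9}


def step(state, conditions):
    """Return (next_state, arrow). Stays put with arrow None when no guard is met."""
    conditions = set(conditions)
    if state in CRITICAL_SCOPE and "CRITICAL_FAILURE" in conditions:
        return S.SELF_DESTRUCTION, 827
    for required, nxt, arrow in TRANSITIONS.get(state, []):
        if required <= conditions:      # every required condition is TRUE
            return nxt, arrow
    return state, None                  # fail closed: unknown or partial input


def run_mission(state, condition_sets):
    """Feed successive sets of declared conditions; return the visited states."""
    path = [state]
    for conditions in condition_sets:
        state, _ = step(state, conditions)
        path.append(state)
    return path
```
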

For a better understanding, an example is now given of the interrelations and the information exchange between the Mission Manager FPM 201 in level 1, and the Flight Manager FPM 202 and the Navigation Manager FPM 203 in level 2, as well as between the latter two FPMs, and the Flight and Guidance subsystem 212 and the Navigation subsystem 213 in level 3. The description is within the context of the execution of a specific mission segment, in the present example the cruise flight toward the target area. It is assumed, for the sake of clarity of the present invention, that the AV is on mission, at mission state 4 CRUISE 804, FIG. 8, executing cruise flight to the destination, along the route which is defined in the Cruise Flight Plan. Before the AV transitions to its mission phase/state 4 CRUISE 804, the appropriate Mission Plan segments, i.e., the Cruise Flight Plan and the Navigation Plan for the mission phase/state 4 CRUISE 804, or segments thereof, are transferred from the Mission Manager FPM 201 in level 1 to the Flight Manager FPM 202 and to the Navigation Manager FPM 203, both in level 2, respectively. The above mentioned plans are downloaded from the Memory and Data Base 409 to the Active Plan Memory 410. Then, following timing data from the Mission Supervisor/Sequencer FPSM 401, they are transferred to the System Managers Coordinator FPSM 402, and via the system buses, to the Flight Manager FPM 202 and to the Navigation Manager FPM 203. The System Managers Coordinator FPSM 402 coordinates the operation of the System Manager FPSMs by synchronizing their operation, and by coordinating data. In certain circumstances, one of the System Manager FPSMs is determined as the master, where other System Manager FPSMs are enslaved to its operation. The segment of the Flight Plan which is associated with the mission phase/state 4 CRUISE 804 comprises an ordered sequence of WPs which together constitute a cruise route. The first WP in the sequence is referred to as the cruise origin WP, and the last WP in the sequence is referred to as the cruise terminal WP. In the specific example, the terminal WP may be in the vicinity of the target area. The Cruise Flight Plan may be organized in the form of a table, where each WP in the route is associated with the following data: a) WP index, i.e., the location of the WP in the ordered sequence, e.g., first, second. This order determines the order of visiting the WPs along the route, b) geographic location, e.g., WP geographic longitude and geographic latitude. Other forms of geographic location representation, e.g., UTM (Universal Transverse Mercator projection) coordinates, may be used, c) WP altitude above sea level, d) route schedule, these being, collectively, the task assigned to the flight manager, defined in a functional manner. Further data may be included, or omitted, if desirable.

Further data is sent from the Mission Manager FPM 201 in level 1 to the Flight Manager FPM 202, along with the Cruise Flight Plan. First, the indication of the transition of the mission state from mission state 3 CLIMB 803 to mission state 4 CRUISE 804 is delivered to the Flight Manager FPM 202. Secondly, the mode of operation. In the present example, the mode of cruise flight is determined by the Mission Manager FPM 201, and is delivered as an instruction to the Flight Manager FPM 202. Possible modes of cruise flight are: a) fly to WP, heading all the time towards the WP, also termed pursuit guidance, b) fly at a fixed altitude and at a fixed heading, c) fly along a predetermined route segment, connecting two successive WPs (forming part of the parameters associated with said task). Operation data is also sent, as desired, from the Mission Manager FPM 201 to the Flight Manager FPM 203. The Operation Data may further include: a) cruise altitude, b) schedule, or time of arrival at each WP, c) schedule tolerance, d) the AV heading while ingressing at the cruise origin WP, and while egressing the cruise terminal WP, e) weather information, f) various limitations, or restrictions, if applicable, to the operation of the subsystems, e.g., maximum time of AV engine operation with full RPM, due to engine heating problems. The stipulations a-d and a-f above form the parameters and constraints associated with said task.

All the data regarding flight plan, operation mode, operation data, and mission state is sent to the Flight Manager FPM 202, and then stored in its local Memory and Data Base, which in the generic System Manager functional architecture, FIG. 5, is numbered as 504. Based on the data which is received from the Mission Manager FPM 201, the Data Processing and Local Planner FPSM of the Flight Manager FPM 202, which in the generic System Manager functional architecture, FIG. 5, is numbered as 503, plans and generates a detailed cruise trajectory plan, to be executed by the Flight and Guidance subsystems 212.

The detailed cruise trajectory plan defines the following parameters: a) guidance mode along each route segment, b) flight altitude along each route segment, c) climb or descend rate, or angle, along each route segment, d) flight velocity, fixed or variable, along each route segment, e) heading along each route segment, f) arrival time at each WP along the route, g) turning radius and turning rate at each WP, when the AV transitions from one route segment to its successor route segment. The detailed cruise trajectory plan is stored, temporarily, in the Flight Manager's Memory and Data Base, numbered 504 in the generic System Manager functional architecture, FIG. 5. The Flight Manager's System Supervisor/Sequencer, numbered 501 in the generic System Manager functional architecture, checks continuously whether the transition conditions to another cruise flight phase/state are met.

Examples of cruise flight phase/states, which are states that are internal to the flight system, may include: a) flying along a route segment, b) turn to a successor route segment. Once the transition conditions are met, the Flight Manager's System Supervisor/Sequencer FPSM 501 transitions the flight phase/state to another flight phase/state, and reports the new phase/state, as well as timing information, to the Flight Manager's Active Plan Memory FPSM 505, to the Flight Manager's System Monitor FPSM 506, and to the Flight Manager's Data Processing/Local Planner FPSM 503, as part of the Plan/Process Command data. The active cruise trajectory plan, which is the System Operation Plan--SOP of the Flight and Guidance subsystem 212, to be executed during the next phase/state, is transferred from the Flight Manager's 202 Memory and Data Base unit 504 to its Active Plan Memory 505, which maintains the active flight System Operation Plan. If desirable, the System Operation Plan--SOP which is executed may be updated by the Flight Manager's Data Processing/Local Planner FPSM 503. A segment of the trajectory plan is sent to the Flight and Guidance Subsystem Coordinator FPSM 502, which then issues coordinated flight and guidance instructions and commands to its subordinate Flight and Guidance subsystem 212. The coordinated instructions and commands are delivered to the Flight and Guidance subsystems via 511", and via modules 508, 509, 510.

Information which is delivered from the Flight Manager FPM 202, up the hierarchy, to the Mission Manager 201, includes: a) execution status of the cruise flight, i.e., what portion of the cruise route has been accomplished, what WPs have been visited, actual execution scheduling, and related exceptional events, b) health status of the flight subsystems, e.g. engine status, fins servo status, instrumentation status, and resource level, i.e., fuel level, as well as related exceptional events. In the case that a cruise trajectory replanning or modification is required, the Flight Manager's System Supervisor/Sequencer FPSM 501 sends a Plan/Process Command to its Data Processing/Local Planner FPSM 503, to perform a cruise trajectory replanning. The Plan/Process Command includes data regarding: a) plan type, in the present example a cruise trajectory plan, b) local planning initialization and synchronization parameters, e.g., geographic location of the trajectory origin and of the trajectory termination, c) time to complete the cruise trajectory re-planning. Further data may be included in the Plan/Process Command, if desirable. When the AV is performing its CRUISE mission phase/state 4 804, the Data Processing/Local Planner FPSM 503 mainly employs procedures for cruise trajectory planning, and for cruise schedule planning. Further planning procedures may be employed, if desirable. Following the flight and guidance instructions and commands which are issued by the Flight Manager FPM 202, the Flight and Guidance subsystems 212 generate the necessary internal commands, input reference signals and control set points to the guidance, autopilot, engine and fin servo control loops, which perform their tasks under closed loop, or open loop, control. Typical control loops which may be activated in the cruise flight are: a) altitude control loop, b) heading control loop, c) velocity control loop, d) aerodynamic surfaces angle control loop, e) engine throttle control loop. Other control loops may be used, if desirable. Information regarding the execution status of the Flight and Guidance subsystems 212, the occurrence of exceptional events associated with the Flight and Guidance subsystems 212, and the health status of the Flight and Guidance subsystems 212, is reported to the Flight System Monitor FPSM 506 of the Flight Manager FPM 202. The Flight Manager's System Monitor 506 checks and correlates data which it receives from the Flight and Guidance subsystem 212. When the occurrence of exceptional events is detected, a report is sent to the Flight Manager's Exceptional Event Handler FPSM 507. This module also accepts data and status reports directly, via 510, 509 and 508. According to the specific exceptional event which has been detected, unit 507 runs an RDT to decide on the response to be taken as a reaction to the exceptional event. The response which is selected is then reported to the Flight Manager's System Supervisor/Sequencer 501, and to the Memory and Data Base 504.

When the AV transitions to the CRUISE mission state 4 804, the Navigation Plan for this mission state is transferred from the Mission Manager FPM 201 to the Navigation Manager FPM 203. Data which is also transmitted to the Navigation Manager FPM 203, on entering the cruise state, along with the Navigation Plan, includes: a) mission state, i.e., CRUISE mission state, b) navigation operation mode. The Navigation Plan may include data on: a) the required navigation accuracy along the cruise route, b) scheduling of activating/utilization of navigation data sources, e.g., when and where along the cruise route to use only INS, because a certain area is suspected as subject to GPS spoofing, and when and where to use INS and GPS in combination, c) estimated availability and confidence of navigation data sources. The navigation operation mode determines the combination of navigation data sources and instrumentation to be used during the cruise flight, or part thereof. Examples of navigation modes, during the cruise state, may include: a) INS navigation, updated by GPS, b) INS navigation updated by a differential GPS navigation system, c) INS navigation, updated by a radio-navigation system other than GPS, e.g., the LORAN-C or OMEGA radio-navigation system, d) a stand-alone INS, without any updating means, i.e., a pure dead reckoning navigation mode, e) similar to a), b), c), or d), but with an instrumentation cluster consisting of a vertical gyro, a tri-axis north-finding (magnetic) magnetometer, and an air data measurement unit, in lieu of the INS. Other configurations of navigation instruments may be used, if desirable. Based on the received data, the Navigation Manager's Data Processing/Local Planner FPSM 503 plans a more detailed Navigation Plan, and sends it, when applicable, to the Navigation Manager's memory units 504 and 505, and via the Navigation Manager's Subsystem Coordinator FPSM 502, and units 511", 511, 508, 509 and 510, to the Navigation subsystem 213, for execution. The Navigation Plan determines, by schedule, which navigation data sources are to be used at each segment of the cruise flight. The Navigation subsystem 213 performs the navigation functions according to the Navigation Plan, and uses the appropriate processing modules, e.g., navigation calculation, Kalman-Filters, within the Navigation subsystem 213, to accommodate the available navigation data sources. Data on the Navigation Execution status, e.g., estimated navigation accuracy, along with data regarding the health status of the navigation subsystem, e.g., gyros, accelerometers, GPS receiver, is delivered to the Navigation Manager FPM 203 by the Navigation subsystem 213. If an exceptional event is recognized by the Navigation System Monitor 506, within the Navigation Manager FPM 203, the occurrence of this event is reported to the Navigation Manager's Exceptional Event Handler FPSM 507, which activates a decision process based on an RDT search. The responsibility of that particular Exceptional Event Handler FPSM 507 is limited to navigation related decisions only, e.g., a decision to change the mode, or to transition the state of the Navigation subsystem 213 from a current navigation state to another navigation state. Also delivered from the Navigation subsystem 213 to the Navigation Manager FPM 203 is navigation data, which is used, during the cruise flight, by the flight and guidance subsystem. The navigation data includes: a) geographic location of the AV, b) AV altitude above sea level, c) AV velocity vector, d) AV heading angle, e) AV body angles--pitch and roll angles, f) AV angular body rates, g) wind vector--direction and velocity. Further information may be used, if desirable. The following information items are sent from the Navigation Manager FPM 203, up the hierarchy, to the Mission Manager FPM 201: a) navigation execution status, b) navigation subsystem health status, c) reduced set of navigation data, e.g. AV location, AV altitude, wind information. If desirable, other elements of navigation data may be sent, d) detected navigation countermeasures.

FIG. 9 is a schematic illustration of the possible categories of exceptional event handling procedure.

The responses to exceptional events may be grouped into two categories, depending on whether the factor, or the element, which causes the event has been identified or not. In the present invention, the ability to respond to an exceptional event is not conditioned on the identification of the cause of the exceptional event. When an exceptional event is detected, 900, two possible situations may exist:

a) the cause of the exceptional event is identified, 901, or b) the cause of the exceptional event is not identified, 903. In the case of cause identification, 901, a certain action is performed, 902, according to the Response Decision Tree--RDT which is relevant to the identified cause, in order to minimize the unwanted effect. In the case where no cause of the event is identified, 903, the event handling process is more complex. A hypothesis is selected, 904, and an action is performed, 905, based on the selected hypothesis. The response to the action 905 is then examined. If the response is as was predicted, 907, namely, the hypothesis is assumed to be verified, an action 909 is taken, based on the hypothesis, in order to minimize the unwanted effect. If the response is not as was predicted, the hypothesis is false, 908, and the process of hypothesis selection, 904, is iterated. The two categories of decision on responsive action are implicitly embedded within the RDTs.

FIGS. 10a-b illustrate two typical examples of a Response Decision Tree--RDT for exceptional events. It is assumed, for the sake of clarity, that the exceptional events in the examples occur while the AV is in the "CRUISE" mission state 804, see FIG. 8.

FIG. 10(a) is a simplified RDT for the exceptional event "SCHEDULE_LAG". FIG. 10(b) is a simplified RDT for the exceptional event "GPS_LOSS". A typical number of RDTs for the AV may vary between 70 and 100 RDTs. In FIG. 10(a), the event "SCHEDULE_LAG" 1001 is detected by the Mission and System Monitor FPSM 703 (in FIG. 7) in the Mission Manager FPM 700. Following arrow 1002, the wind conditions, i.e., wind direction and wind speed, which are calculated by the Navigation subsystem 770, are read, 1003. Then, the engine speed, in RPM, is checked, 1004. If the RPM is at maximum, i.e. RPM=MAX RPM, then branch 1005 is followed, else branch 1009 is followed. In the former condition, the RDT branch 1005 is followed, and the cruise route is replanned, activity 1006, by the Planner/Coordinator FPSM 704. Upon the completion of the replanning process, the route plan is updated, 1007, and the cruise flight is continued, 1008, according to the updated plan. If in checking the RPM, 1004, it is found that RPM<RPM MAX, then arrow 1009 is followed, and a calculation process 1010 is performed, in order to predict the possible schedule in the case that the AV flies at maximum RPM along the pre-determined route. The predicted schedule is then checked, 1011, and in the case that it is within the permitted limits, branch 1013 is followed, else branch 1012 is followed. In the case that the schedule can be met by increasing the RPM to RPM MAX, branch 1013, the action 1014 to be taken is to increase the RPM to RPM MAX, and to follow the pre-determined route, i.e., to continue the cruise flight, 1008, with increased velocity. If increasing the RPM to RPM MAX is not satisfactory for the purpose of schedule keeping, branch 1012, the cruise route has to be replanned by process 1006, followed by 1007 and 1008.

In FIG. 10(b), the event "GPS_LOSS" 1020 is detected by the Navigation sub-system 770 and reported to the Mission and System Monitor FPSM 703 (in FIG. 7) in the Mission Manager FPM 700. Following arrow 1021, the elapsed time T from GPS loss is checked routinely, 1022, and compared to a threshold time T1, 1023. If the elapsed time T is greater than the threshold T1, branch 1024 is followed. Else, branch 1029 is followed. If the elapsed time T is still smaller than, or equal to, T1, the navigation process, which is performed by the Navigation subsystem 770, is based on information from the INS, and the most recent readings from the GPS, when it was available, 1030.

A Kalman-filter is used to combine the navigation information sources in the best available way. The process 1030 is followed by routine updates of the navigation calculations, 1027, where the specific navigation configuration, i.e., what the sources of the navigation information are, is taken into account. After the navigation calculations are updated, 1027, the routine is iterated, following arrow 1028. Once the elapsed time T exceeds T1, branch 1024 is followed, and the backup radio navigation, e.g., LORAN-C, is made active in lieu of the GPS, 1025. Then, the navigation process performed by the Navigation subsystem 770 is based on information from the INS and from the radio navigation system, combined by a Kalman-filter, 1026. Process 1026 is followed by updating the navigation calculations, 1027. The cycle which follows arrows 1028 and 1021 is iterated, unless the GPS information is recovered and available again.
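The two RDTs of FIG. 10 reduce to small decision functions; the sketch below (an added example, not code from the patent) returns both the chosen response and the list of figure numerals visited, so a logged decision can be checked against the tree. The schedule prediction of step 1010 is not specified on the page: the linear RPM-to-airspeed model, the `CruiseStatus` fields and the source labels are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class CruiseStatus:
    rpm: float
    max_rpm: float
    airspeed_mps: float        # airspeed at the current RPM
    tailwind_mps: float        # along-track wind from navigation (read at 1003)
    remaining_m: float         # distance left on the pre-determined route
    time_to_deadline_s: float  # scheduled arrival plus tolerance, minus now


def predict_time_at_max_rpm(s):
    """Step 1010. Assumed model: airspeed scales linearly with RPM."""
    if s.rpm <= 0:
        return float("inf")
    ground_speed = s.airspeed_mps * s.max_rpm / s.rpm + s.tailwind_mps
    return s.remaining_m / ground_speed if ground_speed > 0 else float("inf")


def schedule_lag_rdt(s):
    """FIG. 10(a): return (response, visited numerals) for SCHEDULE_LAG 1001."""
    path = [1003, 1004]                      # read wind, check RPM
    if s.rpm >= s.max_rpm:                   # RPM = MAX RPM: no speed margin left
        return "REPLAN_ROUTE", path + [1005, 1006, 1007, 1008]
    path += [1009, 1010, 1011]               # predict schedule at MAX RPM, check it
    if predict_time_at_max_rpm(s) <= s.time_to_deadline_s:
        return "INCREASE_RPM_TO_MAX", path + [1013, 1014, 1008]
    return "REPLAN_ROUTE", path + [1012, 1006, 1007, 1008]


def gps_loss_rdt(elapsed_s, t1_s):
    """FIG. 10(b): return (navigation sources, visited numerals) for one pass."""
    if elapsed_s > t1_s:                     # branch 1024: switch to backup radio nav
        return ("INS", "RADIO_NAV"), [1022, 1023, 1024, 1025, 1026, 1027]
    # branch 1029: coast on INS plus the most recent GPS readings
    return ("INS", "LAST_GPS_FIX"), [1022, 1023, 1029, 1030, 1027]


def run_gps_loss(samples, t1_s):
    """Iterate the 1028/1021 cycle over constructed (time_s, gps_available) samples.

    The elapsed time T restarts whenever GPS is recovered.
    """
    lost_at = None
    sources_per_sample = []
    for time_s, gps_available in samples:
        if gps_available:
            lost_at = None
            sources_per_sample.append(("INS", "GPS"))
            continue
        if lost_at is None:
            lost_at = time_s
        sources, _ = gps_loss_rdt(time_s - lost_at, t1_s)
        sources_per_sample.append(sources)
    return sources_per_sample
```

Because the comparison at 1023 is strict, a sample taken exactly at T = T1 still uses the last GPS fix; the switch to radio navigation happens on the first pass after T1.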

FIG. 11 is a schematic illustration of the response combination process, which is a part of the Exceptional Event Handler FPSM 705, in the Mission Manager FPM 700 of FIG. 7 (FIG. 4). For the sake of clarity, we consider, in the present example, that three exceptional events occur simultaneously. The Mission and System Monitor FPSM 703 detects the occurrence of Event A 1101, Event B 1102, and Event C 1103. The occurrence of the three events is reported to the Exceptional Event Handler FPSM 705. Within the Exceptional Event Handler FPSM 705, three RDTs are run concurrently, each RDT for a specified single event. RDT A 1104 is run to determine the individual Response A 1107 for the individual Event A 1101. RDT B 1105 is run to determine the individual Response B 1108 for the individual Event B 1102. RDT C 1106 is run to determine the individual Response C 1109 for the individual Event C 1103. The RDTs are fed with data 1110 which is required for the decision making, e.g., mission state, geographical location, wind conditions. The Decision on Priority FPSM 1111 determines the priority of the responses to the individual exceptional events, according to risk criteria and to time criticality. The higher the potential risk, or the more time critical an event, the higher the priority.

Preferably, but not necessarily, the criteria, in decreasing order of priority, are: a) time criticality, or risk of immediate mission loss; b) risk to probability of success, or risk of possible future mission loss; c) risk of performance degradation; d) risk to people or equipment, including the AV; e) saving of resources. Other criteria, or criteria priority, may be used, if desirable.

The inputs to the Decision on Priority FPSM 1111 include: a) indication of the exceptional events, Event A 1101, Event B 1102, Event C 1103; b) the associated individual responses, Response A 1107, Response B 1108, and Response C 1109, respectively; c) information vector 1112, which includes: mission context, mission state, sub-systems state and status, decision parameters. Based on the inputs and on the decision criteria, the response priority is determined, and reported thereafter 1113 to the FPSM 1114. Special attention is given to exceptional events which are time critical, e.g., obstacle detection. According to the Response Priority 1113 information, the Decision on Combination Mode FPSM 1114 determines the Combination Mode 1115 to be used in order to generate a combined response to the three simultaneous individual events.

As will be explained in greater detail with reference to FIG. 12, four modes of response combination are considered: a) Critical conflict mode. b) Competitive conflict mode. c) Cooperative mode. d) Complementary mode. Given the individual responses 1107, 1108, 1109, and the Combination Mode 1115, the Response Combination FPSM 1116 generates a Combined Response 1117, which is then delivered to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.

Four modes of response combination, in case of concurrent exceptional events, are illustrated by FIGS. 12a-d.

FIG. 12(a): Critical conflict combination mode 1200. FIG. 12(b): Competitive conflict combination mode 1210. FIG. 12(c): Cooperative combination mode 1220. FIG. 12(d): Complementary combination mode 1230. For the sake of clarity, and by way of example only, each scheme illustrates the combination of two responses only.

In FIG. 12(a), two exceptional events which occur simultaneously are considered: an "OBSTACLE_DETECTION" event, 1201, and a "THREAT_DETECTION" event, 1201. The response, 1203, to the "OBSTACLE_DETECTION" event, 1201, is to go up, i.e., to increase the flight altitude. The response, 1204, to the "THREAT_DETECTION" event, 1202, is to fly at a lower altitude. The responses are combined, 1207, according to the Combination Mode and Weights 1205 and 1206 that were determined by FPSM 1114, FIG. 11. In the present case, a Critical conflict combination mode 1200 is used, where the strategy of combination is "WINNER-TAKE-ALL". The Weight 1205 is far more dominant than the Weight 1206, since the event 1201 is time critical and very risky to the mission. In this case, the flight altitude is determined by the occurrence of event 1201 only. The Combined Response 1208 is then transmitted to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.

In FIG. 12(b), two exceptional events which occur simultaneously are considered: a "HIGH_FUEL_CONSUMPTION" event, 1211, and a "THREAT_DETECTION" event, 1202. The response, 1212, to the "HIGH_FUEL_CONSUMPTION" event, 1211, is to go up, i.e., to increase the flight altitude. The response, 1204, to the "THREAT_DETECTION" event, 1202, is to fly at a lower altitude. The responses are combined, 1215, according to the Combination Mode and Weights 1213 and 1214 that were determined by FPSM 1114, FIG. 11. In this case, a Competitive conflict combination mode 1210 is used, where the strategy of combination is to weight the contribution of each response according to the relative weight. In this case, the flight altitude is determined as the weighted combination of both responses. The Combined Response 1216, which determines the flight altitude, is then transmitted to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.

In FIG. 12(c), two exceptional events which occur simultaneously are considered: a "HIGH_FUEL_CONSUMPTION" event 1211 and an "ALTIMETER_FAILURE" event. The response to the latter 1221, is to go up, i.e., to increase the flight altitude, and the response, 1222, to the "ALTIMETER_FAILURE" event, 1221, is also to increase the flight altitude. The two individual responses are then combined, 1225, according to the Combination Mode and Weights 1223 and 1224 that were determined by FPSM 1114, FIG. 11. In this case, a Cooperative combination mode 1220 is used, where the strategy of combination is to weigh the contribution of each response according to the relative weight. In this case, the flight altitude is determined as the weighted combination of both responses. The Combined Response 1226, which determines the flight altitude, is then transmitted to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.

In FIG. 12(d), two exceptional events which occur simultaneously are considered: a "THREAT_DETECTION" event, 1230, and a "NAVIGATION_FAILURE" event, 1232. In the present case, the response, 1231, to the "THREAT_DETECTION" event, 1230, is to activate onboard countermeasures. The response, 1233, to the "NAVIGATION_FAILURE" event, 1232, is to increase the flight altitude. The two individual responses are exclusive to each other, and accordingly the combination 1236 process is just to add the individual responses, according to the Combination Mode and Weights 1234 and 1235 that were determined by FPSM 1114, FIG. 11. In this case, a Complementary combination mode 1230 is used, where the strategy of combination is to add the two responses. The Combined Response 1237, which determines the operations to be taken, is then transmitted to the Mission Supervisor/Sequencer FPSM 702, and to the Planner/Coordinator FPSM 704.
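The four combination modes of FIG. 12(a)-(d), worked through as an added Python example that is not code from the patent. The altitude figures, the weights, the assignment of each event to a priority criterion and the mode-selection rule in `decide_mode` are assumptions made for illustration; the text names the modes and strategies but does not give the selection logic.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum
from typing import List, Optional, Tuple


class Criterion(IntEnum):
    """Priority criteria from the text, in decreasing order (lower = more urgent)."""
    TIME_CRITICAL = 0      # a) time criticality / risk of immediate mission loss
    FUTURE_LOSS = 1        # b) risk to probability of success
    DEGRADATION = 2        # c) risk of performance degradation
    PEOPLE_EQUIPMENT = 3   # d) risk to people or equipment, including the AV
    RESOURCES = 4          # e) saving of resources


class Mode(Enum):
    CRITICAL_CONFLICT = "winner-take-all"
    COMPETITIVE_CONFLICT = "weighted, opposing responses"
    COOPERATIVE = "weighted, agreeing responses"
    COMPLEMENTARY = "additive"


@dataclass(frozen=True)
class Response:
    event: str
    criterion: Criterion                       # assumed mapping of event to criterion
    weight: float                              # relative weight, must be >= 0
    altitude_delta_m: Optional[float] = None   # None: response leaves altitude alone
    actions: Tuple[str, ...] = ()              # discrete commands to other subsystems


@dataclass(frozen=True)
class Combined:
    mode: Mode
    altitude_delta_m: Optional[float]
    actions: Tuple[str, ...]


def prioritize(responses: List[Response]) -> List[Response]:
    """Order by criterion first, then by weight (heavier first)."""
    return sorted(responses, key=lambda r: (r.criterion, -r.weight))


def decide_mode(responses: List[Response]) -> Mode:
    """Assumed selection rule standing in for the Decision on Combination Mode step."""
    deltas = [r for r in responses if r.altitude_delta_m is not None]
    if len(deltas) <= 1:
        return Mode.COMPLEMENTARY              # responses act on different channels
    if len({r.altitude_delta_m >= 0 for r in deltas}) == 1:
        return Mode.COOPERATIVE                # all push altitude the same way
    if prioritize(deltas)[0].criterion == Criterion.TIME_CRITICAL:
        return Mode.CRITICAL_CONFLICT          # a time-critical response must win outright
    return Mode.COMPETITIVE_CONFLICT


def combine(responses: List[Response]) -> Combined:
    if not responses:
        raise ValueError("no responses to combine")
    if any(r.weight < 0 for r in responses):
        raise ValueError("weights must be non-negative")
    ranked = prioritize(responses)
    mode = decide_mode(ranked)
    deltas = [r for r in ranked if r.altitude_delta_m is not None]
    # Discrete actions sit on separate channels in this model, so all are kept,
    # highest priority first.
    actions = tuple(a for r in ranked for a in r.actions)
    if not deltas:
        altitude = None
    elif mode in (Mode.CRITICAL_CONFLICT, Mode.COMPLEMENTARY):
        altitude = deltas[0].altitude_delta_m  # winner-take-all, or the only command
    else:
        total = sum(r.weight for r in deltas)
        if total == 0:
            raise ValueError("weighted modes need a positive total weight")
        altitude = sum(r.weight * r.altitude_delta_m for r in deltas) / total
    return Combined(mode, altitude, actions)


def fig12_scenarios():
    """Constructed numbers for the event pairs described for FIG. 12(a)-(d)."""
    return {
        "a": [Response("OBSTACLE_DETECTION", Criterion.TIME_CRITICAL, 9.0, 200.0),
              Response("THREAT_DETECTION", Criterion.FUTURE_LOSS, 1.0, -150.0)],
        "b": [Response("HIGH_FUEL_CONSUMPTION", Criterion.RESOURCES, 2.0, 300.0),
              Response("THREAT_DETECTION", Criterion.FUTURE_LOSS, 3.0, -100.0)],
        "c": [Response("HIGH_FUEL_CONSUMPTION", Criterion.RESOURCES, 1.0, 300.0),
              Response("ALTIMETER_FAILURE", Criterion.DEGRADATION, 1.0, 100.0)],
        "d": [Response("THREAT_DETECTION", Criterion.FUTURE_LOSS, 1.0, None,
                       ("ACTIVATE_COUNTERMEASURES",)),
              Response("NAVIGATION_FAILURE", Criterion.DEGRADATION, 1.0, 250.0)],
    }


if __name__ == "__main__":
    for fig, pair in fig12_scenarios().items():
        print(f"FIG. 12({fig}):", combine(pair))
```

In case (a) the lower-priority response contributes nothing to the altitude command, which is the property a reviewer should check for any time-critical event: a weighted blend there would let a low-priority input dilute an obstacle-avoidance manoeuvre.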

FIG. 13 illustrates a typical architecture of the AMC computer system. The need to achieve a high level of architecture flexibility, and to allocate a variety of FPMs and FPSMs to hardware units, calls for an architecture which includes heterogeneous computing means, e.g., a combination of general purpose CISC microprocessors, RISC type microprocessors, DSP type microprocessors and micro-controllers. It should be noted, however, that the hardware realization that is shown in FIG. 13 is only one of many possible variants, and accordingly the actual hardware realization depends upon the particular application.

The architecture shown in FIG. 13 consists of seventeen units, designated U1 through U17. If desirable, the number of units may be greater or smaller. The architecture comprises two buses--a Global Bus 1318 (210 in FIG. 2), which connects all the units, and a fast Data Bus 1319 (211 in FIG. 2), which connects only some of the units. The Global Bus 1318 may be a standard serial bus, e.g. a MIL-STD 1553B standard bus, for control and low volume data transfer between all units, where the Data Bus 1319 may be a standard fast parallel bus, e.g. a VME bus, for high data rate. If desirable, additional units may be connected or disconnected to and from the buses, respectively.

The AV sub-systems may be connected to the buses 1318 and 1319 via an interface. If desirable, only one bus may be used for the functions of the global bus and the data bus, or more than two buses may be used. Also, if desirable, other types of buses, or bus standards, may be used.

Unit U2 1302 is the host processor, usually of the CISC type, which accommodates two identical processors. In nominal operation, one is operating and one is in a stand-by position, as a back-up. The operation of unit U2 is monitored by unit U1 1301, which may be implemented by a micro-controller. If the operating processor of unit U2 1302 fails, U1 1301 activates the other unit and switches between the two units, functionally replacing the failed unit with the back-up one. Unit U3 1303 is a decision processing unit, which performs mainly integer or fixed-point mathematical operations. It may use either a CISC type or a DSP type processor. Unit U4 1304 is the planning processing unit; it executes massive calculations, and performs a combination of both fixed-point and floating point calculations. A RISC type processor is preferably utilized for this unit.

Unit U5 1305 is the simulation processing unit. It performs real-time simulations and performance prediction. It also performs both fixed-point and floating point calculations. A RISC type processor is preferably utilized for this unit. Unit U6 1306 is the global memory and DB memory unit.

Units U1 1301, U2 1302, U3 1303, U4 1304, and U5 1305 execute the FPSMs of the Mission Manager FPM 201 in FIG. 2. The flight related processing units 1320 include two units. Unit U7 1307 is the Flight Manager processing unit, which performs the FPSMs of the Flight Manager FPM 202 in FIG. 2. A RISC type processor is preferably utilized for this unit.

Unit U8 1308 is the Flight processing unit which performs the guidance and control FPSMs 762, 764 and partly, 766 in FIG. 7. A CISC type processor may be appropriate for this unit.

The Navigation related processing units 1321 include three units. Unit U9 1309 is the Navigation Manager processing unit, which performs the FPSMs of the Navigation Manager FPM 203 in FIG. 2. A CISC type processor may be appropriate for this unit. Unit U10 1310 is the Terrain Navigation processing unit, which performs Terrain Reference Navigation, when desirable. A CISC type processor may be appropriate for this unit. Unit U11 1311 is the Navigation processing unit, which performs all the navigation calculations which support the Navigation subsystem 770 in FIG. 7, or 213 in FIG. 2. A CISC type processor may be appropriate for this unit.

The Sensor related processing units 1322 also include three units. Unit U12 1312 is the Sensor Manager processing unit, which performs the FPSMs of the Sensor Manager FPM 204 in FIG. 2. A CISC type processor may be appropriate for this unit. Unit U13 1313 is the Matching process unit, which is dedicated to signal processing and pattern matching and recognition procedures. This unit may employ a DSP processor. Unit U14 1314 is the Seeker processing unit, which performs all the seeker low level signal handling and enhancement algorithms, as well as the seeker servo and control functions. A RISC type processor may be appropriate for this unit.

Unit U15 1315 is the Utility processing unit. It performs the FPSMs of the Payload Manager FPM 205 and the Auxiliary Systems Manager FPM 207, in FIG. 2. The implementation of this processing unit may be based on a micro-controller. Unit U16 1316 is the Communication Manager processing unit which performs the FPSMs of the Communication Manager FPM 206 in FIG. 2. The implementation of this processing unit may also be based on a micro-controller, or on a dedicated communication processor.

If desirable, one processing unit may comprise more than one physical processor. Also, one processing unit may optionally execute more than one FPM or FPSM, or a FPM or a FPSM may be executed by more than one processing unit.

Unit U17 1317 is an Input/Output (I/O) controller, which provides data communication interface to external data links, e.g. RS-422 serial link, MIL-STD 1553B avionics serial bus, and VME parallel bus. The Global Bus 1318 connects all the units, U1 through U17. The Data Bus 1319 connects units U3 1303, U4 1304, U5 1305, U6 1306, U7 1307, U10 1310 and U13 1313. If desirable, other computer architectures may be implemented and/or other types of processors may be used, in lieu of the processor types which were mentioned above.

FIG. 14 illustrates a fleet of Autonomous Underwater Vehicles--AUVs, in a Mine Clearing application. Each AUV uses an AMC onboard.

FIG. 15 illustrates a land warfare application, where each of the Unmanned Ground Vehicles uses an AMC onboard.

FIG. 16 illustrates schematically a space application of an AV which utilizes an embedded AMC onboard.

The present invention has been described with a certain degree of particularity, but it should be understood that various modifications and alterations may be made without departing from the scope or spirit of the invention as defined by the following claims:

What is claimed is:
1. In a vehicle designed for the execution of a mission, a programmable decision unit for managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means for holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, which programmable decision unit comprises a mission plan (MP), for accomplishing the execution of said mission that utilizes said database, the MP comprising: (a) a plurality of states each being a mission state representing a mission segment to be executed by at least one of the subsystems and including mission states that are defined as "mission start", "mission complete" and "mission failed"; and (b) a plurality of arcs linking said states and each signifying transition conditions between two mission states which it links; the operation of managing and controlling the execution of the mission includes a succession of iterations that include each: (i) assignment of a mission segment associated with a current mission state to at least one of said subsystems; (ii) receipt from the subsystems of report data which include data indicative of the execution status of said mission segment by said at least one subsystem; (iii) evaluation of said report data for determining at least either of normal behavior and exceptional event; and (iii.1) in response to normal behavior, either staying in current mission state of the MP or transiting from the current mission state of the MP to another in the case that said report data, or portion thereof, satisfy said transition conditions; or (iii.2) in response to exceptional event eliciting a responsive action in order to accomplish the execution of said mission; said programmable decision unit manages and controls the execution of said mission in essentially autonomous fashion.
2. The decision unit according to claim 1, being capable of classifying said exceptional event as belonging to a first group, constituting a replanning group, or a second group, constituting non-replanning group, and in response to a first group classification, said decision unit activates an associated planner module, for short time, while-on-mission, modifications of said mission plan either partially or in its entirety.
3. The decision unit according to claim 2, wherein said responsive action being one of the following a to h options: a) no change at all, keep executing said MP, no change of mission state; b) make a minor modification in the MP, or a parameter thereof with no change of mission state, then update the database and execute the modified MP; c) transit the mission state to a new mission state of the MP, not according to a regular transition sequence; then execute the MP, while being at the new mission state; d) select a new MP out of the bank of pre-stored MP according to a selection criteria, then update the database, and execute the new selected MP; e) select and combine pre-stored MPs, or pre-stored MP segments thereof, into a new combined MP, then, update the database and execute the combined MP; f) re-plan an alternative MP or segments thereof by utilizing said planner module; then update the database and execute the replanned MP; g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the MP; and h) select a crisis recovery MP, out of a bank of pre-stored crisis recovery MPs according to selection criteria; then update the database and execute the selected crisis recovery MP.
4. The decision unit according to claim 1, wherein said MP is downloaded, in its entirety, to said database prior to departure to said mission.
5. The decision unit according to claim 2, wherein said portion of said MP is downloaded prior to departure to said mission whereas the remaining portion thereof is planned by said planner module while-on-mission.
6. The decision unit according to claim 2, wherein said planner module employs at least one of the following techniques: dynamic programming Dijkstra, neural network, genetic algorithm, linear programming, gradient search, Newton search, heuristic, simulated annealing, integral equations, differential equations, difference equations, fuzzy models, random search, learning techniques non-linear programming, digital filters, continuous time filters, A*, unimodel search and multi-model search.
7. The decision unit according to claim 2, wherein said planner module generates at least two MPs having each a plan score assigned thereto in accordance with predetermined criteria; said planner module selects the MP having the highest score.
8. The decision unit according to claim 7, wherein said planner module further comprising a simulator sub-module for simulating the operation of each one the at least two MPs for assigning thereto said score.
9. The decision unit according to claim 8, wherein said simulator module employs at least one of the following techniques: dynamic programming, Dijkstra, neural network, genetic algorithm, linear programming, gradient search, Newton search, heuristic, simulated annealing, integral equations, differential equations, difference equations, fuzzy models, random search, learning techniques non-linear programming, digital filters, continuous time filters and A*.
10. The decision unit according to claim 1, wherein said decision unit is responsive to, essentially simultaneous at least two of said events, for generating a combined response.
11. The decision unit according to claim 10, wherein said combined response is dependent upon at least one of the following factors: the degree of the abnormal event, the system state, the mission context, the sub-system status, risk to mission accomplishment and the priority of responses.
12. The decision unit according to claim 10, wherein said combined response follows one of the following four modes: a) critical conflict mode; b) competitive conflict mode; c) cooperative mode; and d) complementary mode.
13. The decision unit according to claim 1, wherein said MP has at least two "mission complete" states.
14. The decision unit according to claim 1, wherein said MP has at least two "mission fail" states.
15. The decision unit according to claim 1, wherein said report data is received by employing either or both of polling and interrupt techniques.
16. The decision unit according to claim 1, functionally organized in a multi-level hierarchy.
17. An autonomous vehicle (AV) having a decision unit as defined in claim 1.
18. The AV according to claim 17, selected from the group of air AV, space AV, ground AV, underground AV, sea AV, underwater AV and autonomous missile.
19. A system comprising a fleet of AV's for accomplishing a common mission, wherein each AV is as defined in claim 17.
20. A system according to claim 19, in which at least two of said AVs are adapted to operate in a cooperative mode of operation for accomplishing said common mission.
21. A system according to claim 19 comprising a fleet of Autonomous Underwater Vehicles--AUVs for a Mine Clearing application.
22. A system according to claim 19 comprising a fleet of air AVs for intercepting tactical ballistic missiles over enemy territory.
23. A system according to claim 19 comprising a fleet of UGVs for warfare application.
24. The decision unit according to claim 1, wherein said portion of said MP is downloaded prior to departure to said mission whereas the remaining portion thereof is planned by said planner module while-on-mission.
25. In an autonomous vehicle (AV) designed for the execution of a mission, and having an autonomous programmable decision unit for managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means for holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, said autonomous programmable decision unit being functionally organized in a three-level hierarchy architecture of a top level, an intermediate level and a leaf level; said top level having a mission manager (MM) comprising a mission manager mission plan (MM MP) for accomplishing the execution of said mission that utilizes said database; said MP graph consisting of a plurality of states each being a mission manager's mission state (MM MS) and including MM MS that are defined as "mission start", "mission complete" and "mission failed"; and a plurality of arcs linking said states each signifying transition conditions between two MM MSs which it links; said intermediate level comprising a plurality of system managers (SM), subordinated to said MM, and comprising each a system manager's operational plan (SOP) that utilizes said database; said leaf level comprising a plurality of subsystems each subordinated to one only of said SM's; each MM MS representing a MM mission segment, to be assigned to at least one of the SMs, in terms of at least one essentially functionally defined task and its associated constraints and parameters; the SOP of each SM determining an SOP mission segment for assignment to and execution by the subsystem subordinated thereto in terms of detailed design of said essentially functionally defined task; the operation of managing and controlling the execution of the mission including a succession of iterations that include each: (i) assignment of an MM mission segment associated with a current MM MS via said at least one SM to said at least one subsystem; (ii) receipt by each one of said at least one SM from its subordinated subsystem intermediate level report data which include data indicative of the execution status of said SOP mission segment by said subsystem; (iii) receipt by said MM from the SMs top level report data which include data indicative of the execution status of said MM mission segment by said at least one subsystem; (iv) evaluation of said top level report data for determining either of normal behavior and an exceptional event; and (iv.1) in response to normal behavior either staying in current MM MS or transiting from the current MM MS to another in the case that said top level report data, or portion thereof, satisfy said transition conditions; or (iv.2) in response to exceptional event eliciting a responsive action from the MM in order to accomplish the execution of said mission.
26. A decision unit according to claim 25, wherein at least one of said SOP graphs consisting of a plurality of states each being an SM task state (SM TS) and including SM TS that are defined as "task start", "task complete" and "task failed"; and a plurality of arcs linking said states and each signifying transition conditions between two SM TS which it links, and wherein said SM: (ii.1) evaluates of said intermediate level report data for determining either of normal behavior and an exceptional event; and (ii.11) in response to normal behavior either staying in current SM TS or transiting from the current SM TS to a next one in the case that said intermediate level report data, or portion thereof, satisfy said transition conditions; or (ii.12) in response to an exceptional event eliciting a responsive action from the SM.
27. The decision unit according to claim 25, wherein said task parameters include operation mode, operation data and timing and synchronization data for the execution of said task or task portion.
28. The decision unit according to claim 25, wherein said MM classifies said exceptional event as belonging to a first group, constituting a replanning group, or a second group constituting non-replanning group, and in response to a first group classification, said MM activates an associated planner module for short time while-on-mission, modifications of said MM MP either partially or in its entirety.
29. The decision unit according to claim 28, wherein said responsive action of the MM being one of the following a to h options: a) no change at all, keep executing said MM MP, no change of MM mission state; b) make a minor modification in the MM MP, or a parameter thereof with no change of MM mission state, then update the database and execute the modified MM MP; c) transit the mission state to a new mission state of the MM MP, not according to a regular transition sequence; then execute the MM MP, while being at the new mission state; d) select a new MM MP out of a bank of pre-stored MM MP according to a selection criteria; then update the database, and execute the new selected MM MP; e) select and combine pre-stored MM MPs, or pre-stored MM MP segments thereof, into a new combined MM MP; then, update the database and execute the combined MM MP; f) re-plan an alternative MM MP or segments thereof by utilizing said planner module; then update the database and execute the replanned MM MP; g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the MM MP; and h) select a crisis recovery MM MP, out of a bank of pre-stored crisis recovery MM MPs according to selection criteria; then update the database and execute the selected crisis recovery MM MP.
30. The AV according to claim 25, wherein said MM comprising the following sub-modules, in combination: a) Mission Supervisor/Sequencer FPSM, b) System Managers Coordinator FPSM, c) Mission & System Monitor FPSM, d) Context/Situation Reasoner FPSM, e) Exceptional Event Handler FPSM, f) Global Planner/Coordinator FPSM, g) Cooperation Coordinator FPSM, h) Simulator/Evaluator FPSM, i) Memory and Data Base FPSM, j) Active Plan Memory FPSM, k) Data Organizer FPSM; and l) Communication/Interface FPSM.
31. The AV according to claim 28, wherein said planner module comprising, in combination: a) Planning manager FPSM, b) Requirements Definition FPSM, c) Procedure Selector FPSM, d) Plan Generator FPSM, e) Optimizer FPSM 417; and f) Plan Selector FPSM.
32. The AV according to claim 28, wherein said planner module is responsive to a plan command which includes the following parameters: a) plan type, b) planning initialization and synchronization parameters, c) time to complete plan; and d) operation mode--individual or, cooperative.
33. An AV having a decision unit according to claim 25, comprising the following six SMs: a) Flight Manager (FM), b) Navigation Manager (NM), c) Sensor Manager (SNM), d) Payload Manager (PM), e) Communication Manager (CM), and, f) Auxiliary Systems Manager (ASM); said AV further comprising the following six subsystems, respectively subordinated to said six SMs: a) Flight and Guidance Systems, b) Navigation System, c) Sensor System, d) Payload System, e) Communication System, and, f) Auxiliary Systems.
34. An AV according to claim 25, wherein said MM: a) initializes the AV operation, b) executes AV mission management and sequencing, according to said Mission Manager Mission Plan--MM MP, c) monitors the mission executing status, and subsystems health, d) analyzes the mission context and situation, e) executes global MP planning, plan adjustment, and replanning, f) generates and assigns tasks for assignment to the SMs, g) plans evaluation and simulation, h) makes decisions on responsive action in case of exceptional event or failure, i) responds in combination if multiple exceptional events occur simultaneously; and j) coordinates the AV operation in cooperative operation mode.
35. An AV according to claim 33, wherein said FM does: a) initializing of the operation of the Flight and Guidance System, b) Flight and Guidance System management and sequencing, following the mission and flight plan--SOP, c) planning and generate of detailed local Trajectory Plan--TP, according to the mission plan, where the TP has to be executed by the guidance and flight control subsystems, d) generate commands including operation (flight) mode, e) monitoring the flight execution status, and the Flight and Guidance System health status, f) report the flight execution status, and the Flight and Guidance sub-subsystems health status to MM g) makes decisions on responsive action to exceptional events which are related to flight and guidance, and to Flight and Guidance System failures, h) report to the MM on exceptional events; and i) runs BIT procedure of Flight and Guidance subsystems.
36. An AV according to claim 33, wherein said NM does: a) initializing of the operation of the Navigation System, b) calibration and alignment of the Navigation System, c) Navigation System management and sequencing, following the navigation plan--SOP, d) updates to the navigation plan, e) generate commands including operation (navigation) mode f) monitoring of the navigation execution status, and the Navigation System health status, g) report the navigation execution status, and the Navigation sub-systems health status to MM, h) make decision on responsive action to exceptional events which are related to navigation performance, and to Navigation System failures, i) control the distribution of the processed navigation data to the user FPMs, j) perform high level data processing, data association and data fusion functions, on data which is received from Navigation sub-systems, and/or from the Global Memory and Data Base, k) report to the MM on exceptional events and l) run BIT procedure of Navigation sub-systems.
37. An AV according to claim 33, wherein said SNM does: a) initializing of the operation of the Sensor System, b) initialization of the calibration of the Sensor System, c) Sensor System management and sequencing, following the sensing plan--SOP, d) updates to the sensing plan to cope with actual situation, e) generate commands including operation (search and sensing) mode, f) monitoring of the sensing execution status, and the Sensor System health status, g) reports of the sensing execution status, and the Sensor sub-systems health status to MM, h) decision on responsive action to exceptional events which are related to sensor performance, and to Sensor System failures, i) control the distribution of the sensor processed data to all the user FPMs, j) perform high level data processing, data association and data fusion functions, on data which is received from Sensor sub-systems, and/or from the Global Memory and Data Base--GMDB, k) report the MM on exceptional events; and l) run BIT procedure of Sensor sub-systems.
38. An AV according to claim 33, wherein said Payload Manager does: a) initializing of the operation of the Payload System, b) initiate the calibration of the Payload System, c) Payload System management and sequencing, following the payload operation plan--SOP, d) update the payload operating plan to cope with the actual situation, e) generate and transmit commands including payload operation mode and operation data/parameters to payload sub-system, f) monitoring the payload operation execution status, and the Payload System health status, g) report the payload execution status, and the Payload sub-systems health status to MM, h) decision on responsive action to exceptional events which are related to payload performance, and to Payload System failures, i) control the distribution of the payload processed data to all the user FPMs, j) perform high level data processing, data association and data fusion functions, on data which is received from payload sub-systems, and/or from the Global Memory and Data Base--GMDB, k) report the MM on excepted events; and l) run BIT procedure of Payload sub-systems.
39. An AV according to claim 33, wherein said CM does: a) initializing of the operation of the Communication System, b) Communication System management and sequencing, following the communication plan--SOP, c) update the communication plan to cope with the actual situation, d) organize the in-coming and the out-going transmissions, according to protocols, e) monitoring of the communication execution status, and the Communication System health status, f) report the communication execution status, and the Communication System health status to MM, g) decision on responsive action to exceptional events which are related to communication performance, and to Communication System failures, h) report the MM on exceptional events; and i) run BIT procedure of Communication System.
40. An AV according to claim 33, wherein said ASM does: a) initializing of the operation of the Auxiliary Systems, b) Auxiliary Systems management and sequencing, following the auxiliary systems operation plan--SOP, c) update the auxiliary systems operating plan to cope with the actual situation, d) generate and transmit commands including operation mode, and operation data parameters to auxiliary systems, e) monitoring of the auxiliary systems operation execution status, the resource level, and the Auxiliary Systems health status, f) report the auxiliary systems execution status, the resource level, and the Auxiliary Systems health status to MM, g) decision on responsive action to exceptional events which are related to auxiliary systems performance, and to Auxiliary Systems failures, h) report the MM on exceptional events; and i) run BIT procedure of Auxiliary sub-systems.
41. The decision unit according to claim 25, wherein said SM classifies said exceptional event as belonging to a first group, constituting a replanning group, or a second group, constituting non-replanning group, and in response to a first group classification, said SM activates an associated planner module, for short time, while-on-mission, modifications of said SOP either partially or in its entirety.
 42. The decision unit according to claim 41, wherein said responsive action of the SM being one of the following a to h options: a) no change at all, keep executing said SOP, no change of SM task state; b) make a minor modification in the SOP, or a parameter thereof with no change of SOP task state, then update the database and execute the modified SOP; c) transit the task state to a new task state of the SOP, not according to a regular transition sequence; then execute the SOP, while being at the new task state; d) select a new SOP out of a bank of pre-stored SOPs according to a selection criteria; then update the database, and execute the new selected SOP; e) select and combine pre-stored SOPs, or pre-stored SOPs segments thereof, into a new combined SOP; then, update the database and execute the combined SOP; f) re-plan an alternative SM SOP or segments thereof by utilizing said planner module; then update the database and execute the replanned SOP; g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the SOP; and h) select a crisis recovery SOP, out of a bank of pre-stored crisis recovery SOPs according to selection criteria; then update the database and execute the selected crisis recovery SOP.
 43. The decision unit according to claim 25, functionally organized in a multi-level hierarchy.
 44. In a vehicle designed for the execution of a mission, a programmable decision unit for managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means for holding and managing data including pre-stored data and data acquired by and received from said plurality of subsystems, which programmable decision unit comprises a mission plan (MP), for accomplishing the execution of said mission, comprising: (a) a plurality of states each being a mission state representing a mission segment to be executed by at least one of the subsystems and including mission states that are defined as "mission start", "mission complete" and "mission failed"; and (b) a plurality of arcs linking said states and each signifying transition conditions between two mission states which it links; the operation of managing and controlling the execution of the mission includes a succession of iterations that include each: (i) assignment of a mission segment associated with a current mission state to at least one of said subsystems; (ii) receipt from the subsystems of report data which include data indicative of the execution status of said mission segment by said at least one subsystem; (iii) evaluation of said report data for determining at least either of normal behavior and exceptional event; and (iii.1) in response to normal behavior, either staying in current mission state of the MP or transiting from the current mission state of the MP to another in the case that said report data, or portion thereof, satisfy and transition conditions; or (iii.2) in response to exceptional event eliciting a responsive action in order to accomplish the execution of said mission.
 45. The decision unit according to claim 44, being capable of classifying said exceptional event as belonging to a first group, constituting a replanning group, or a second group, constituting non-replanning group, and in response to a first group classification, said decision unit is capable of activating an associated planner module, for short time, while-on-mission, modifications of said mission plan either partially or in its entirety.
 46. The decision unit according to claim 45, wherein said responsive action being one of the following a to h options: a) no change at all, keep executing said MP, no change of mission state; b) make a minor modification in the MP, or a parameter thereof with no change of mission state, then update the database and execute the modified MP; c) transit the mission state to a new mission state of the MP, not according to a regular transition sequence; then execute the MP, while being at the new mission state; d) select a new MP out of a bank of pre-stored MP according to a selection criteria; then update the database, and execute the new selected MP; e) select and combine pre-stored MPs, or pre-stored MP segments thereof, into a new combined MP; then, update the database and execute the combined MP; f) re-plan an alternative MP or segments thereof by utilizing said planner module; then update the database and execute the replanned MP; g) reconfigure the AV either by replacing an inoperative device or module in a subsystem, by an identical backup device, or activate other modules in the subsystem; then continue according to the MP; and h) select a crisis recovery MP, out of a bank of pre-stored crisis recovery MPs according to selection criteria; then update the database and execute the selected crisis recovery MP.
 47. The decision unit according to claim 44, wherein said MP is downloaded, in its entirety, to said database prior to departure to said mission.
 48. The decision unit according to claim 45, wherein said portion of said MP is downloaded prior to departure to said mission whereas the remaining portion thereof is planned by said planner module while-on-mission.
 49. The decision unit according to claim 45, wherein said planner module employs at least one of the following techniques: dynamic programming, Dijkstra, neural network, genetic algorithm, linear programming, gradient search, Newton search, heuristic, simulated annealing, integral equations, differential equations, difference equations, fuzzy models, random search, learning techniques non-linear programming, digital filters, continuous time filters, A*, unimodel search and multi-model search.
 50. The decision unit according to claim 45, wherein said planner module generates at least two MPs having each a plan score assigned thereto in accordance with predetermined criteria; said planner module further selects the MP having the highest score.
 51. The decision unit according to claim 50, wherein said planner module further comprising a simulator sub-module for simulating the operation of each one of the at least two MPs for assigning thereto said score.
 52. The decision unit according to claim 51, wherein said simulator module employs at least one of the following techniques: dynamic programming, Dijkstra, neural network, genetic algorithm, linear programming, gradient search, Newton search, heuristic, simulated annealing, integral equations, differential equations, difference equations, fuzzy models, random search, learning techniques non-linear programming, digital filters, continuous time filters and A*.
 53. The decision unit according to claim 44, wherein said decision unit is responsive to, essentially simultaneous at least two of said events, for generating a combined response.
 54. The decision unit according to claim 53, wherein said combined response is dependent upon at least one of the following factors: the degree of the abnormal event, the system state, the mission context, the sub-system status, risk to mission accomplishment and the priority of responses.
 55. The decision unit according to claim 53, wherein said combined response follows one of the following four modes: a) critical conflict mode; b) competitive conflict mode; c) cooperative mode; and d) complementary mode.
 56. The decision unit according to claim 44, wherein said report data is received by employing either or both of polling and interrupt techniques.
 57. The decision unit according to claim 44, functionally organized in a multi-level hierarchy.
 58. The decision unit according to claim 49, wherein said MP has at least two "mission complete" states.
 59. The decision unit according to claim 49, wherein said MP has at least two "mission fail" states.
 60. In a vehicle designed for the execution of a mission, a programmable decision unit for managing and controlling the execution of the mission by utilizing a plurality of subsystems and database means for holding and managing data including pre-stored data and data received from said plurality of subsystems, which programmable decision unit comprises a mission plan (MP) for accomplishing the execution of said mission, comprising: a plurality of mission segments to be executed by at least one of the subsystems; and the operation of managing and controlling the execution of the mission includes a succession of iterations that includes each: (i) assignment of a mission segment associated with a current mission state to at least one of said subsystems; (ii) receipt from the subsystems of report data which includes data indicative of the execution status of said mission segment by said at least one subsystem; (iii) evaluation of said report data for determining at least either of normal behavior and exceptional event.
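
The iteration of claim 44, with the event classification of claim 45 and the scored plan selection of claim 50, as an added Python example that is not part of the patent text. The event names, report fields, plan scores and the fail-closed handling of unclassified events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TERMINAL = {"mission complete", "mission failed"}
# Constructed event names; the claims define only the two groups (claim 45).
REPLANNING = {"route_blocked"}      # first group: activates the planner
NON_REPLANNING = {"sensor_noise"}   # second group: no replanning

@dataclass
class MissionPlan:
    arcs: dict                      # state -> [(condition(report), next state)]
    state: str = "mission start"
    log: list = field(default_factory=list)

def select_plan(candidates):
    """Claim 50: of at least two scored plans, return the highest-scoring one."""
    if len(candidates) < 2:
        raise ValueError("planner must produce at least two candidate plans")
    return max(candidates, key=lambda c: c[0])[1]

def iterate(mp, report, planner):
    """Claim 44 (ii)-(iii): evaluate one subsystem report, return the state."""
    event = report.get("exception")
    if event is None:               # normal: take first satisfied arc, else stay
        for condition, nxt in mp.arcs.get(mp.state, []):
            if condition(report):
                mp.state = nxt
                break
    elif event in REPLANNING:       # option f: replan, then continue
        mp.arcs = select_plan(planner(mp, report))
        mp.log.append(("replanned", event))
    elif event in NON_REPLANNING:   # option a: keep executing the current MP
        mp.log.append(("no change", event))
    else:                           # assumption: unclassified events fail closed
        mp.state = "mission failed"
    return mp.state

def demo():                         # constructed plans, scores and reports
    direct = {"mission start": [(lambda r: r.get("ready"), "transit")],
              "transit": [(lambda r: r.get("arrived"), "mission complete")]}
    detour = {"transit": [(lambda r: r.get("at_waypoint"), "detour")],
              "detour": [(lambda r: r.get("arrived"), "mission complete")]}
    reports = [{"ready": True}, {"exception": "sensor_noise"}, {"exception": "route_blocked"},
               {"arrived": True}, {"at_waypoint": True}, {"arrived": True}]
    mp = MissionPlan(arcs=direct)
    planner = lambda _mp, _report: [(0.4, direct), (0.9, detour)]
    for report in reports:          # stop at the first terminal mission state
        if iterate(mp, report, planner) in TERMINAL:
            break
    return mp.state, mp.log
```

In the constructed run, the fourth report ("arrived") no longer causes a transition because the replanned arcs replaced the direct route; the mission completes only after the detour waypoint is reported.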